MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71defd1bab3b3bd4a693f866c84d74f9b96a5b52347b3fad352dce152a67dcbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71defd1bab3b3bd4a693f866c84d74f9b96a5b52347b3fad352dce152a67dcbd
SHA3-384 hash: 732fd6ac151afb5e4757f016b2ab2353c1fb6f70af204d35472cb765dc154dbacae05200064809b8ea7854024a59e0dc
SHA1 hash: ab91f2ea2cb7e0136966989897a3c031c6eeefd2
MD5 hash: 76596ed814c5d83ef2be1862b1843634
humanhash: early-oklahoma-april-violet
File name:SecuriteInfo.com.Win64.PWSX-gen.13965.6561
Download: download sample
File size:26'112 bytes
First seen:2023-06-05 02:27:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 768:D7wV4v2B6XMXvbp5/eu3RMZQ3kGNhEwlfjfm:DcVe20Gbp5/euy0kaawFTm
Threatray 1'563 similar samples on MalwareBazaar
TLSH T10BC2081463F88766E9FA8BF558B2121453B67BBB7532DB0C1DC5A0DE2A63F404242B73
TrID 44.4% (.EXE) Win64 Executable (generic) (10523/12/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
260
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.PWSX-gen.13965.6561
Verdict:
Malicious activity
Analysis date:
2023-06-05 02:29:29 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/2be88d3f-56a6-4b0e-b6fe-2e0b9566c4fd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/395700/
Detection(s):
SecuriteInfo.com.Win64.PWSX-gen.13965.6561.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Launching a process
Creating a file
Forced shutdown of a system process
Sending an HTTP GET request to an infection source
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/647d48324a2904460fdb8782/reports/7f3e99e9-e81a-4bfd-96ec-784d353a925b/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/71defd1bab3b3bd4a693f866c84d74f9b96a5b52347b3fad352dce152a67dcbd
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/229eaee8-bed1-49be-8a2f-3b63ba409409
Result
Threat name:
FormBook
Create hunting rule
Detection:
malicious
Classification:
troj.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1248545
Signature
.NET source code references suspicious native API functions
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Maps a DLL or memory area into another process
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Writes to foreign memory regions
Yara detected AntiVM3
Yara detected FormBook
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71defd1bab3b3bd4a693f866c84d74f9b96a5b52347b3fad352dce152a67dcbd/
Threat name:
ByteCode-MSIL.Trojan.AgentTesla
Create hunting rule
Status:
Malicious
First seen:
2023-06-05 00:29:56 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
17 of 37 (45.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ohpp2g5lhm55jjut7btmqtlu7g4wuw2sgr5t7ljvfxhbkkth3s6q._file
Verdict:
malicious
Similar samples:
0691d99c393b0ae398a1096ddfb0179bacc2818f3b1d9a6c620d094fd09f8bc8
2779b729bdaa3807f8cb81e680a8497a1694345b5214db7648e7624f545991b3
6326bea9cec6e2baec63ed96cd31a97770c6a63b96d1169a8b5586ec071c8778
633cdb2f59d4836476806e7083d71714a34d831c854ec337cdf823328e5eeb58
65a2b3cf112d50e941051116e68b736239d521bf7611e143ae1c83f93716f6f5
96af204d2dfb74c2fba800c451c04b6c71443be7bd68fadcf718cfda4cfb20e5
9a2232a4a9ceef2c3fcfee0acca71d5717395aff8abd1b6b26aa3a5c266b3fae
9d31bb5aa1c796ad53caab202d5fe30d09157bf81ed3cc93ea1225e78aff0624
b075b40cecd6da99c0d8793f49b4f672abbf0e688a818f94e746170ef5fb6a89
d558591f6cfe858a8bbd58b18cf2e3e5e5a5f2c9e0b56913dfd1a0094d1bf6b2
+ 1'553 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/230605-cxzvkafb2y/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
71defd1bab3b3bd4a693f866c84d74f9b96a5b52347b3fad352dce152a67dcbd
MD5 hash:
76596ed814c5d83ef2be1862b1843634
SHA1 hash:
ab91f2ea2cb7e0136966989897a3c031c6eeefd2
Link:
https://www.unpac.me/results/214cea6f-a192-4bb9-8d34-dc54925e3142/
Malware family:
XLoader
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/71defd1bab3b/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/71defd1bab3b3bd4a693f866c84d74f9b96a5b52347b3fad352dce152a67dcbd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/395700/

Comments