MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730
SHA3-384 hash: 599e3378b7fdb398689d39888381cc470ff68de9d43e18333859849942dd3927168851b9144cd92c718f0be55b246ebb
SHA1 hash: 0d325068e43121d658cca83147db5ad0efd98597
MD5 hash: 056fd34405fbe8599691adff4b0ecd3c
humanhash: grey-carolina-hot-early
File name:server.exe
Download: download sample
File size:308'736 bytes
First seen:2022-09-05 18:32:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef148cda0e459cedc3fcb797072be16b
ssdeep 6144:WfMSrSNwhr9s9Eoq9mxCBlvzkNXMWJ0kwCP5q:WUeSNwhr9poqRvkN8y
Threatray 2'419 similar samples on MalwareBazaar
TLSH T1F864A50AF7F210E4F9B6C13995A23169FC7278A54738E7DB96844A0A1B31BE4ED3D701
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter r3dbU7z
Tags:backdoor exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
610
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
server.exe
Verdict:
No threats detected
Analysis date:
2022-09-05 18:33:18 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/b9bbe43e-a265-4577-a75a-dbd936394adf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/307968/
Detection(s):
SecuriteInfo.com.Variant.Ulise.253404.25263.19188.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching a process
Searching for the window
DNS request
Сreating synchronization primitives
Launching cmd.exe command interpreter
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/36716/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware wacatac
Link:
https://www.filescan.io/uploads/631640e22021c816b88ed320/reports/ce86f84e-0de8-4f02-aa6a-c378a62ffdad/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
MicTray Keylogger
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/31ddea09-aaef-4657-82f2-af6649dc2281
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1065269
Signature
Antivirus / Scanner detection for submitted sample
Connects to many ports of the same IP (likely port scanning)
Contains functionality to start reverse TCP shell (cmd.exe)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730/
Threat name:
Win64.Trojan.Ulise
Create hunting rule
Status:
Malicious
First seen:
2022-04-28 12:56:41 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ot7gcglbdb5kmrycjzkre5fhx255iuovly2pkkxchlajcn2p64ya._file
Verdict:
malicious
Similar samples:
0f0807cdcb400a718656d3ec845ad57ffef9e25232d50044bb8d7a5d9d2a0a98
19cc82a31d478528f3b89bea8144268153e24c25f1804a8c22250fb5670661b4
4533b5392f6e49cf20ee0821b4c8b6b74b8af274995646791ec7fe48a2615425
494e50277e9added0f90ee0791c2ac21c54c18ab0b0b9820c66fa7cf437497ce
6c02cd3294f998736222c255ddd163b9d5e72dfbf3492bfdd43519a46ed609de
b3562016293d5dad923e804f2439ce6d216d88cc3e8f8ce6d3e3bb1288f3089d
bdc9b4576df059ca895dc4f4d5491059ed86f74fa9b99ce5e9465476c4f6d9b8
e1dcadc94c7659b12eca375e35858bf68ea02a626078dd5e41eb9bede572417c
f926a1a530de30ce239568935fa6c2f04d18a29883ad34f8256efdd883d036bb
+ 2'409 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220905-w665saddcr/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730
MD5 hash:
056fd34405fbe8599691adff4b0ecd3c
SHA1 hash:
0d325068e43121d658cca83147db5ad0efd98597
Link:
https://www.unpac.me/results/b0c3c171-ba33-41bc-aadf-55b41cbf0bb4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 74fe611961187aa647024e551274a7bebbd451d55e34f52ae23ac091374ff730

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/307968/

Comments