MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ConnectWise

Vendor detections: 8

Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash:	761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742
SHA3-384 hash:	a7eea1ea7a733d78cbc7514eb9045de0308cd059458b922cdcc83d2dca49859230a6985348f0d44f5d4e4caf4ea476df
SHA1 hash:	b12197a877fb7e33b1cb5ba11b0da5ca706581ba
MD5 hash:	b319407e807be1a49e366f7f8ea7ee2a
humanhash:	nevada-don-ceiling-low
File name:	SecuriteInfo.com.Heur.8069.11239
Download:	download sample
Signature	ConnectWise Create hunting rule
File size:	531'456 bytes
First seen:	2024-02-29 16:23:56 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	6144:ZPpB0+E5A976t5puf9NTh/k4dKRYJUYg7N+earZ5Ghfn55AJ6m/JaXAQKx4kEYYo:dpq+Ezuf9N0RYJZPUI6
TLSH	T1F9B46C01F358CBBAC6BF27BFA830540AC770D809A34AE75F7995D4AD2C4234D9D24AE5
TrID	57.3% (.CPL) Windows Control Panel Item (generic) (57583/11/19) 13.0% (.SCR) Windows screen saver (13097/50/3) 10.4% (.EXE) Win64 Executable (generic) (10523/12/4) 6.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.4% (.EXE) Win32 Executable (generic) (4504/4/1)
Reporter	SecuriteInfoCom
Tags:	ConnectWise dll

Intelligence

File Origin

# of uploads :

# of downloads :

370

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.29065.SC.UNOFFICIAL

SecuriteInfo.com.Heur.8069.11239.UNOFFICIAL

Verdict:

No Threat

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/65e0afa72ffc4d27ab7b012b/reports/3c163d72-742d-4c83-94dc-c025d0a2ec51/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

ConnectWise

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/71ae8500-b917-472e-a106-4b60504c45c7

Result

Threat name:

n/a

Detection:

clean

Classification:

n/a

Score:

3 / 100

Link:

https://www.joesandbox.com/analysis/1401031

Behaviour

Behavior Graph:

n/a

Score:

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oynx4uf2uiu6rl6ntjijsdl7o5w5wxwr5jp3wey4qaxfpt4rq5ba._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240229-twcr3seb9v/

Unpacked files

SH256 hash:

761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742

MD5 hash:

b319407e807be1a49e366f7f8ea7ee2a

SHA1 hash:

b12197a877fb7e33b1cb5ba11b0da5ca706581ba

Detections:

INDICATOR_RMM_ConnectWise_ScreenConnect

Link:

https://www.unpac.me/results/24b66ae5-5615-453a-914a-c30795abbdae/

Parent samples :

761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742
4add51cd45b7fd60dbbd612c464438ae9a0a80e0f7f40b5b6cc4a00a10b916ea
af0c898ab09223b4adb394e52928c835d144106ea382dd21418ae707687e4f76
4e81851729d58f321bb83bdb03200f62bc5ee56e0703b2d609a3923a033d5b53
77a4f959f19592757a9c5f50c0f6187370d35fec575de6c034c94ce88042823b
abbb2686d3424253ed4e183c1a2fc86e77c798801766411ee3f54943dbfe0bc3
f1d7330c15225788a2d9b7a18d9dd9d92ffd971f7e3689fd6ab9d0739a75b01a
da77b9cdcfe51d69949f7c7398976908874b4271f414a8b5bb0bedbb890e4c2e
2d7c15d87ca98d24e82cd1e1dcc81ab93a13e71faa54d47fe88a985615445f4c
425ab54a2a799c669902ddf13f47bd686ce4d08f1ee0b1bea65a750a3b03cd37
1c7dfc929d8e92aee949babc920e7994de5ef98eb9977e668f51406abed2de94
680d8c18baa77878b4ec703d4575b3070d1792c817f9b457f0240a3a84679e57
8b13ae2e374c71ac7e76cdee5faa5cbdca0238e086aa2aa5b98ee18475e81d8e

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/761b7e50baa229e8afcd9a50990d7f776ddb5ed1ea5fbb131c802e57cf918742

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

Rule name:	INDICATOR_RMM_ConnectWise_ScreenConnect Create hunting rule
Author:	ditekSHen
Description:	Detects ConnectWise Control (formerly ScreenConnect). Review RMM Inventory

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample