MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c
SHA3-384 hash: f4605954e5f26cd34c9126b7cefe5f072c8822b1bbfd99917ef2d334d7a3e7d913ac48d8691edfdd0abce9c66d4a0650
SHA1 hash: 806d725a2d68999161983e4b5b764a1a95b8d821
MD5 hash: 54841ae18cca83f8cf6e44d12df97012
humanhash: carbon-wyoming-cardinal-hotel
File name:z39Danfe-Pedido-38373.msi
Download: download sample
File size:4'614'144 bytes
First seen:2024-04-29 19:04:17 UTC
Last seen:2024-04-29 20:03:28 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 98304:UO9RY3ue9SPuzxM8tprVmAcpmWqEzKy9+W:tXt3SxM8vrVmAcpmJHe+W
Threatray 180 similar samples on MalwareBazaar
TLSH T1BB260126A383C52AD15D027BF559EE0E1874BF73073041E776E8396E59F1CC2A2B9B42
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Reporter FXOLabs
Tags:msi

Intelligence

File Origin
# of uploads :
4
# of downloads :
73
Origin country :
BR BR
Vendor Threat Intelligence
Verdict:
Suspicious
Link:
https://www.hybrid-analysis.com/sample/78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c
Result
Threat name:
MicroClip
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1433639
Signature
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Posts data to a JPG file (protocol mismatch)
Yara detected MicroClip
Behaviour
Behavior Graph:
Download SVG
Score:
75%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c/
Threat name:
Win64.Trojan.SpywareX
Create hunting rule
Status:
Malicious
First seen:
2024-04-29 11:54:33 UTC
File Type:
Binary (Archive)
Extracted files:
156
AV detection:
13 of 38 (34.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pd4glpeackwhq5ai5thittemnw6cstv7skogekb4hfie3gy65ywa._file
Verdict:
unknown
Similar samples:
089a1d6ed708219b604ab7fdd2a9bd7cb28725799f9530089ea7d941a94c6bf5
258e108164864adce19cec7ffda4daa864a608ffe2fa339f3d7ce22ee805747f
4766be0783b2512c3301909586bc8b5b97afb848cf0bc99df91151d6f56bc5d5
4bce1c8aabfc58b3cbdfb50f5e6699cdea0e7f0e498e4c1df9935265780ba9ce
e873dc08f4bdd72c4234d15eafdd325eb33c958be11fb7ad1cd5c5539cb41341
f002b4ce98a9e51473831a6e0941c3c5d6301cf6853d9855c13ad2519c45e1c9
+ 170 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/240429-xrg3saad29/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.46
Link:
https://yomi.yoroi.company/submissions/78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Detect_LATAM_MSI_Banker
Create hunting rule
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:maldoc_OLE_file_magic_number
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:suspicious_msi_file
Create hunting rule
Author:Johnk3r
Description:Detects common strings, DLL and API in Banker_BR

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

Microsoft Software Installer (MSI) msi 78f865bc8012ac787408ecce89cc8c6dbc294ebf929c62283c39504d9b1eee2c

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments