MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f
SHA3-384 hash: 008b94e15ac85260b42402d11585ccb4e8f07d65eaceb690b9fbfd7cf99c9928629aae0be32e7ecd6e88f47dfb03fbf1
SHA1 hash: 41e2185fec61608e3321ab485edc9ba50601bb59
MD5 hash: 78b0fc6af84c789a39ca74b3ab9f88dc
humanhash: pizza-pennsylvania-cardinal-eighteen
File name:SecuriteInfo.com.Trojan.Script.2622.21183
Download: download sample
File size:898'048 bytes
First seen:2024-02-02 19:24:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8d813561e4ad07e9f8918a83e16f95c0 (1 x ValleyRAT)
ssdeep 24576:N8w41MYT0mWFR6DeLC+pjJT5cA60UhthO:Q1beL/xJtcl0UhtQ
Threatray 608 similar samples on MalwareBazaar
TLSH T118157B13B3C7C0B2EFA226F6D67453361939B839173C85CB7390287EE9906C1AA79355
TrID 37.5% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
20.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.5% (.SCR) Windows screen saver (13097/50/3)
6.8% (.EXE) Win64 Executable (generic) (10523/12/4)
File icon (PE):PE icon
dhash icon 0143850c0d810361
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
307
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/474235/
Detection(s):
SecuriteInfo.com.Trojan.Script.2622.21183.UNOFFICIAL
Create hunting rule

ditekSHen.MALWARE.Win.Trojan.RedLineDropper-AHK.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
89%
Tags:
anti-debug anti-vm fingerprint hook keylogger lolbin shell32
Link:
https://www.filescan.io/uploads/65bd41951a072d565264233f/reports/5ec3bb6e-fddf-4f61-ac70-6ce7c9a284d2/overview
Verdict:
Malicious
Labled as:
Trojan.Script
Link:
https://www.hybrid-analysis.com/sample/7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f95cfb4d-4958-4c00-a8ce-fb16dbb849b3
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1385788
Signature
Contains functionality to register a low level keyboard hook
Installs a global keyboard hook
Sample or dropped binary is a compiled AutoHotkey binary
Behaviour
Behavior Graph:
Download SVG
Score:
40%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=p3mvxi2mvdh4ibeuzjp3h6oeeuyzb2xw3lrdzgo3z2gbyvpyfm7q._file
Verdict:
malicious
Similar samples:
03042961ebc91064d7e9da04ba292158b34656bf7a05bc868c8f478efa0247df
0f99eef3431f8f04eef23ccab335afcd7129e1ca69728ba2bfc929de3010e402
5e3c17b9a8fb04fc0de847833073fba6b1f5b4c302c003cfb888f93e4bd54adf
8b4341f998e7629e07ec8e3e94f93a44207af36ef704e2b22c66961f7bb74055
b6ea9a9a7c01640cdf980211e0942559566507195d91fe0d4e4b28b7406e2343
b92797965358585eadbe928c2b8531c5575caa87cbcef1171a48f1941a10b740
+ 598 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/240202-x4yw3affgl/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f
MD5 hash:
78b0fc6af84c789a39ca74b3ab9f88dc
SHA1 hash:
41e2185fec61608e3321ab485edc9ba50601bb59
Link:
https://www.unpac.me/results/0f5197e3-8ab0-4e1e-b8f2-b8c5f5cd45f7/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/7ed95ba34ca8/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7ed95ba34ca8cfc40494ca5fb3f9c4253190eaf6dae23c99dbce8c1c55f82b3f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/474235/

Comments