MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7f614448fc2dadd4bc8a8e495e53d1d05c13d7202eb519b687f9b0c2996b4bef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7f614448fc2dadd4bc8a8e495e53d1d05c13d7202eb519b687f9b0c2996b4bef
SHA3-384 hash: e66f2a8cf8d9d872bd04bc8d909f8ed2a9791a9f00aa20c15df9678258e789a181360719604a9c81e3a1ef58fff10a5a
SHA1 hash: 86919455877d6eed0fb4244f3583a61c83ac8412
MD5 hash: 99f4738248cd52ed80f45b4536645125
humanhash: robert-yellow-mirror-harry
File name:csmgr.dll
Download: download sample
File size:2'431'688 bytes
First seen:2021-08-28 10:56:51 UTC
Last seen:2021-08-28 11:58:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash baa93d47220682c04d92f7797d9224ce (139 x RiseProStealer, 26 x Xtrat, 18 x CoinMiner)
ssdeep 49152:qjeoROvJaQNs/LX7ECI7xMrMXjjBKJuNqxON7oULTDIUb:ce+Ox7eLX7xIRUuExGj
Threatray 20 similar samples on MalwareBazaar
TLSH T192B5334F6D933CC0CEBB9CF40185A17560E20F31E7B5527E92BD905A251CB2EA7385BA
Reporter JAMESWT_WT
Tags:exe MATCH CONSULTANTS LTD NukeSped signed

Code Signing Certificate

Organisation:MATCH CONSULTANTS LTD
Issuer:Sectigo Public Code Signing CA R36
Algorithm:sha384WithRSAEncryption
Valid from:2021-07-01T00:00:00Z
Valid to:2022-07-01T23:59:59Z
Serial number: 2114ca3bd2afd63d7fa29d744992b043
Thumbprint Algorithm:SHA256
Thumbprint: f91075a7339c939198e30897877d2c99d73fa53327b705349164432fffa37448
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
131
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
csmgr.dll
Verdict:
No threats detected
Analysis date:
2021-08-28 10:58:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9bd04142-43bb-4742-b53b-00a2d1336a97

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/183050/
Detection(s):
SecuriteInfo.com.Artemis99F4738248CD.31706.14183.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Searching for analyzing tools
Searching for the window
Sending a UDP request
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/388b67a5-b74f-4d6a-b06e-13a552087fa9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/840714
Signature
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 473143 Sample: csmgr.dll Startdate: 28/08/2021 Architecture: WINDOWS Score: 60 19 Multi AV Scanner detection for submitted file 2->19 21 PE file contains section with special chars 2->21 7 loaddll64.exe 1 2->7         started        process3 signatures4 23 Tries to detect virtualization through RDTSC time measurements 7->23 10 rundll32.exe 7->10         started        13 cmd.exe 1 7->13         started        15 rundll32.exe 7->15         started        process5 signatures6 25 Tries to detect sandboxes and other dynamic analysis tools (window names) 10->25 17 rundll32.exe 13->17         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7f614448fc2dadd4bc8a8e495e53d1d05c13d7202eb519b687f9b0c2996b4bef/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-08-20 12:27:46 UTC
File Type:
PE+ (Dll)
AV detection:
6 of 46 (13.04%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
02afc67fc961203f4809101aeb60ef5553b6b2b3f142e39f80ba3f9e64f52704
080ee6c068e95db7a776793e167fb4bb9ad0efcb424a400ed3efe697400fc73a
0982c38ddad347ce0ff426106db78f3e51b723d7d90308a970ef43ef84fc8d75
29b10facf712978e41161daf15235a8d74ef5cf16318a5887e39ee1e8cff297b
4dd950fcdcd8483ec9346b4a5214931134975c439cf463daa3a0518cfc5db9a6
7f14f58f4e201d8fb89cd3215028e8b58bdfd103534815fe2e6d7f7b3e556300
831ba6efa4a49eb1c7ff749fe442b393c5a614f383bf1efb52512a183b4362fc
8f5b300680db95b545347229941acb9113690ab187cd7ac7b2cc601b9e31a205
937636dcc1943a63556e24db2fe6e9922d77f2999e4cd747151f70d5def03d4c
b6e4d99871249faefd2ed9dab5dd045d3d9ea13b4608262588eb157ddc312a68
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/210828-vrd3bhnn4j/
Behaviour
Checks BIOS information in registry
Unpacked files
SH256 hash:
7f614448fc2dadd4bc8a8e495e53d1d05c13d7202eb519b687f9b0c2996b4bef
MD5 hash:
99f4738248cd52ed80f45b4536645125
SHA1 hash:
86919455877d6eed0fb4244f3583a61c83ac8412
Link:
https://www.unpac.me/results/0b842a1a-1e63-4cd7-865f-dbe518b49ffb/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/7f614448fc2dadd4bc8a8e495e53d1d05c13d7202eb519b687f9b0c2996b4bef

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1431334928827011075?s=20
Cape
Cape
https://www.capesandbox.com/analysis/183050/

Comments