MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8388aa093a9bcf92fe70e2f5e6e4864e4c7e757e0812c1acb4fc8b9bb48e90c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 12

SHA256 hash: 8388aa093a9bcf92fe70e2f5e6e4864e4c7e757e0812c1acb4fc8b9bb48e90c5
SHA3-384 hash: 2173272e2746570687e31853991418452e677cad768eebb823fed4ff7e1bf1a17900a903b00daa7969ef0c31df9b468c
SHA1 hash: 4f1f341bc973792a731955b2df288432fee45f29
MD5 hash: 0c269fdee161558887d6d0a15306a368
humanhash: glucose-georgia-foxtrot-earth
File name: Trojan.Autorun.ATA_virussign.com_0c269fdee161558887d6d0a15306a368
File size: 97'190 bytes
First seen: 2023-09-07 11:04:04 UTC
Last seen: 2023-09-07 11:04:19 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 908e67f8b0160bfd82132ad8738bb56b (1 x QQPass)
ssdeep: 1536:a7zfMMknJvVvwlTHavNbA8w9KxlO9Lc3Otp15wKwYPpLKA:ufMbJOZHaV7wdZcm19w6pB
Threatray: 4 similar samples on MalwareBazaar
TLSH: T126931284586F520DB7A5E02314086CEBE9142FCB5EE1D6AAD633732E4C58F171CFE266
TrID: 52.9% (.EXE) Win32 Executable (generic) (4505/5/1)
      23.5% (.EXE) Generic Win/DOS Executable (2002/3)
      23.5% (.EXE) DOS Executable Generic (2000/1)
Reporter: Turkeytmfounder
Tags: exe

Intelligence

File Origin
# of uploads: 2
# of downloads: 256
Origin country: TR

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: Trojan.Autorun.ATA_virussign.com_0c269fdee161558887d6d0a15306a368
Verdict: Malicious activity
Analysis date: 2023-09-07 11:04:42 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the %temp% directory
Creating a window
Enabling the 'hidden' option for files in the %temp% directory
Creating synchronization primitives
Creating a process from a recently created file
Sending a custom TCP request
Enabling autorun
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: greyware lolbin overlay packed packed scar shell32
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: malicious
Classification: evad
Score: 96 / 100
Signatures
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to hide user accounts
Creates an undocumented autostart registry key
Detected unpacking (changes PE section rights)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph ID: 1305667; Sample: Iv0T7rZSr6.exe; Start date: 07/09/2023; Architecture: WINDOWS; Score: 96
Top-level signatures: Antivirus detection for dropped file; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 2 other signatures

Process chain reconstructed from the behavior graph. All dropped files are written under C:\Users\user\AppData\...\ (path elided on the page) and are reported as MS-DOS executables. For each process: files it dropped, signatures triggered, and child processes it started.

Iv0T7rZSr6.exe (sample)
  dropped: Sysqemfdyul.exe, Sysqamqqvaqqd.exe
  signatures: Detected unpacking (changes PE section rights); Creates an undocumented autostart registry key
  started: Sysqemfdyul.exe

Sysqemfdyul.exe (started by Iv0T7rZSr6.exe)
  dropped: Sysqemxvlpq.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Machine Learning detection for dropped file
  started: Sysqemxvlpq.exe, Sysqemjkkci.exe

Sysqemxvlpq.exe (started by Sysqemfdyul.exe)
  dropped: Sysqemkimcb.exe
  signatures: Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights)
  started: Sysqemkimcb.exe

Sysqemjkkci.exe (started by Sysqemfdyul.exe)
  dropped: Sysqemjpfnf.exe
  signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file
  started: Sysqemjpfnf.exe

Sysqemkimcb.exe (started by Sysqemxvlpq.exe)
  dropped: Sysqemsfzny.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights)
  started: Sysqemsfzny.exe

Sysqemjpfnf.exe (started by Sysqemjkkci.exe)
  dropped: Sysqemwvyaz.exe
  signatures: Contains functionality to hide user accounts; Machine Learning detection for dropped file
  started: Sysqemwvyaz.exe

Sysqemsfzny.exe (started by Sysqemkimcb.exe)
  dropped: Sysqemayhlt.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights)
  started: Sysqemayhlt.exe

Sysqemwvyaz.exe (started by Sysqemjpfnf.exe)
  dropped: Sysqemprzqz.exe
  signatures: Machine Learning detection for dropped file
  started: Sysqemprzqz.exe

Sysqemayhlt.exe (started by Sysqemsfzny.exe)
  dropped: Sysqemiofwk.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights)
  started: Sysqemiofwk.exe

Sysqemprzqz.exe (started by Sysqemwvyaz.exe)
  dropped: Sysqemzcbrx.exe
  signatures: Machine Learning detection for dropped file
  started: Sysqemzcbrx.exe

Sysqemiofwk.exe (started by Sysqemayhlt.exe)
  dropped: Sysqemqedhc.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Machine Learning detection for dropped file
  started: Sysqemqedhc.exe

Sysqemzcbrx.exe (started by Sysqemprzqz.exe)
  dropped: Sysqemjuzki.exe
  signatures: Contains functionality to hide user accounts
  started: Sysqemjuzki.exe

Sysqemqedhc.exe (started by Sysqemiofwk.exe)
  dropped: Sysqemxeaxb.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights)
  started: Sysqemxeaxb.exe

Sysqemjuzki.exe (started by Sysqemzcbrx.exe)
  dropped: Sysqemwldkw.exe
  signatures: Machine Learning detection for dropped file
  started: Sysqemwldkw.exe

Sysqemxeaxb.exe (started by Sysqemqedhc.exe)
  dropped: Sysqemkggsn.exe
  signatures: Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights)
  started: Sysqemkggsn.exe

Sysqemwldkw.exe (started by Sysqemjuzki.exe)
  dropped: Sysqemrcytf.exe
  signatures: Antivirus detection for dropped file; Machine Learning detection for dropped file
  started: none shown

Sysqemkggsn.exe (started by Sysqemxeaxb.exe)
  dropped: Sysqemmfwbi.exe
  signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Machine Learning detection for dropped file
  started: none shown
Threat name: Win32.Infostealer.QqPass
Status: Malicious
First seen: 2023-06-28 09:40:00 UTC
File Type: PE (Exe)
Extracted files: 3
AV detection: 36 of 38 (94.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Unpacked files
SHA256 hash: 649af3852a752de0eddc96e949cc27f5e485a7cfa887670515d6c135fa066dbd
MD5 hash: d23ea68c51f9b5e103abffe862a7a22b
SHA1 hash: 84be8d80fba03589c2c463820efefa12fc9ab00e

SHA256 hash: 8388aa093a9bcf92fe70e2f5e6e4864e4c7e757e0812c1acb4fc8b9bb48e90c5
MD5 hash: 0c269fdee161558887d6d0a15306a368
SHA1 hash: 4f1f341bc973792a731955b2df288432fee45f29

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: INDICATOR_EXE_Packed_MPress
Author: ditekSHen
Description: Detects executables built or packed with MPress PE compressor

Rule name: maldoc_getEIP_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: meth_get_eip
Author: Willi Ballenthin

Rule name: mpress_2_xx_x86
Author: Kevin Falcoz
Description: MPRESS v2.XX x86 - no .NET

Rule name: TeslaCryptPackedMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments