MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bbf243dc3cdaf4f2a9f85680e8085e14a1764742dcc578c817feb3d7133c679. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8bbf243dc3cdaf4f2a9f85680e8085e14a1764742dcc578c817feb3d7133c679
SHA3-384 hash: dffe214ddc41b8cad8f8e5b2f0dd8d839226c94eb4541c35f4a67228f757291f51558eecb3e46782dc150cab14890572
SHA1 hash: d02b5b3fec03967c462c5c136142fa033a512c62
MD5 hash: ee3d858b1402bccf41d781dd5eb4ecc9
humanhash: seventeen-potato-lemon-stream
File name:SecuriteInfo.com.Trojan.DownLoader44.47619.25148.31463
Download: download sample
File size:4'363'776 bytes
First seen:2022-04-22 09:49:39 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash d1064e22b9d7099d148327a96198f297
ssdeep 49152:7gOtny7uutfSJCKY56SH4jFsz3wmbfBfRLHg32TugZwqh6oOe:7g4yu840AmFIYh6o
Threatray 3 similar samples on MalwareBazaar
TLSH T104162992B2C56539C06A3F364937A6D8993FAF516602CCDE17A43BCCCF37441252AE1B
TrID 61.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
15.5% (.EXE) Win64 Executable (generic) (10523/12/4)
6.6% (.EXE) Win32 Executable (generic) (4505/5/1)
4.4% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
3.0% (.EXE) Win16/32 Executable Delphi generic (2072/23)
Reporter SecuriteInfoCom
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
197
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/265720/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

SecuriteInfo.com.Trojan.DownLoader44.47619.25148.31463.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
control.exe expand.exe keylogger pos rat replace.exe
Link:
https://www.filescan.io/uploads/62627b64f9ec17cfbab75de9/reports/fedf32d9-4af0-4144-848f-d48a2648c659/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8e578ca9-0edb-4f87-96bb-99c4bee683bd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/981329
Signature
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 613817 Sample: SecuriteInfo.com.Trojan.Dow... Startdate: 22/04/2022 Architecture: WINDOWS Score: 60 33 Antivirus detection for URL or domain 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 Sigma detected: Suspicious Call by Ordinal 2->37 8 loaddll32.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        12 rundll32.exe 8->12         started        14 cmd.exe 1 8->14         started        16 6 other processes 8->16 process5 18 WerFault.exe 2 9 10->18         started        21 WerFault.exe 9 12->21         started        23 WerFault.exe 12->23         started        25 rundll32.exe 14->25         started        27 WerFault.exe 16->27         started        dnsIp6 31 192.168.2.1 unknown unknown 18->31 29 WerFault.exe 23 9 25->29         started        process7
Detection:
azorult
Create hunting rule
Link:
https://mwdb.cert.pl/sample/8bbf243dc3cdaf4f2a9f85680e8085e14a1764742dcc578c817feb3d7133c679/
Threat name:
Win32.Trojan.Grandoreiro
Create hunting rule
Status:
Malicious
First seen:
2022-03-25 18:16:32 UTC
File Type:
PE (Dll)
Extracted files:
107
AV detection:
21 of 26 (80.77%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
9a70a9ac1c49054d3ae1d86d24d111f42e94dabbb102a36a33fe54553c4a5d40
dad37940e538341866ebd7391e0a5a9ca91909ba35b984c36387f88b248d2d3c
f209e42a76bd1c0641c50c8e22948ac19fa32b39fb63117715872bc43a50b448
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220422-lwebxabgd5/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
d36820e6416630e4ca1a3f6d1cf0c0dd525e849f80b67e7e1ad9c417c2880a4f
MD5 hash:
e8b0727cf3bf87c1795170549265958e
SHA1 hash:
2f4044a0b5557671f37ef5d5300bf7b0c8885433
Detections:
win_houdini_auto
Create hunting rule
Link:
https://www.unpac.me/results/ad4f4bf2-21b3-4a3d-b1a7-6ed8a5ec8b24/
SH256 hash:
8bbf243dc3cdaf4f2a9f85680e8085e14a1764742dcc578c817feb3d7133c679
MD5 hash:
ee3d858b1402bccf41d781dd5eb4ecc9
SHA1 hash:
d02b5b3fec03967c462c5c136142fa033a512c62
Detections:
win_houdini_auto
Create hunting rule
Link:
https://www.unpac.me/results/ad4f4bf2-21b3-4a3d-b1a7-6ed8a5ec8b24/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8bbf243dc3cdaf4f2a9f85680e8085e14a1764742dcc578c817feb3d7133c679

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_houdini_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/265720/

Comments