MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e97f9ebb7be83720edd0d9cc03685b9ed6101e6601c0b4d47270dae2b56f111. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e97f9ebb7be83720edd0d9cc03685b9ed6101e6601c0b4d47270dae2b56f111
SHA3-384 hash: c5813d7298245e39c9ce2ce552a13c39a6d377e94055adde7b8c5430a4b489a2ca07e453c3d06087279db0bda2bbdea0
SHA1 hash: df5133d082f4e2a991f086df1d9be3c510abe277
MD5 hash: e0144e36f7030d6667b4eb14309749c6
humanhash: whiskey-mexico-fruit-hot
File name:SecuriteInfo.com.Trojan.Siggen19.10662.23407.18002
Download: download sample
File size:258'048 bytes
First seen:2022-12-08 18:30:59 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cddebb8fa6c0a087547241e14a7bb869
ssdeep 6144:MoSI6HdTJE8LrZDa3Y4RCJOoOkvpbWTsS:MzI6zLrZDa3fRCsoPS
TLSH T1A3447CCCB0EA90B9C4370D3ECCF67AED9769A7600A305B1FA77C07381AA454C66915E7
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
154
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/344445/
Detection(s):
SecuriteInfo.com.Trojan.Siggen19.10662.23407.18002.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Launching a process
Downloading the file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed rat shell32.dll
Link:
https://www.filescan.io/uploads/63922d691651015c7bfb530e/reports/573e5874-d93f-47f8-b278-c99d16f0a750/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f8cb058d-c34b-4bd6-8bfb-b141c4db8380
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1130958
Signature
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Self deletion via cmd or bat file
Sigma detected: Powershell Download and Execute IEX
Uses ping.exe to check the status of other devices and networks
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 763682 Sample: SecuriteInfo.com.Trojan.Sig... Startdate: 08/12/2022 Architecture: WINDOWS Score: 76 33 Antivirus detection for URL or domain 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 Sigma detected: Powershell Download and Execute IEX 2->37 39 Machine Learning detection for sample 2->39 7 SecuriteInfo.com.Trojan.Siggen19.10662.23407.18002.exe 13 2->7         started        process3 dnsIp4 31 thedashami.com 103.104.73.69, 443, 49720, 49721 WEBWERKS-AS-INWebWerksIndiaPvtLtdIN India 7->31 41 Self deletion via cmd or bat file 7->41 11 cmd.exe 1 7->11         started        14 cmd.exe 1 7->14         started        signatures5 process6 signatures7 43 Uses ping.exe to check the status of other devices and networks 11->43 16 PING.EXE 1 11->16         started        19 conhost.exe 11->19         started        21 powershell.exe 14 16 14->21         started        23 conhost.exe 14->23         started        process8 dnsIp9 25 127.0.0.1 unknown unknown 16->25 27 thedashami.com 21->27 29 51.77.10.218, 49728, 80 OVHFR France 21->29
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e97f9ebb7be83720edd0d9cc03685b9ed6101e6601c0b4d47270dae2b56f111/
Threat name:
Win32.Downloader.PsDownload
Create hunting rule
Status:
Malicious
First seen:
2022-11-15 21:25:31 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 25 (80.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r2l7t25xx2bxedw5bwomanufxhwwcapgmaoawtkhe4g24k2w6eiq._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/221208-w52hxadf8s/
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Deletes itself
Checks computer location settings
Blocklisted process makes network request
Malware Config
Dropper Extraction:
https://thedashami.com/assets/js/config_20.ps1
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/168b5da1-da4a-4661-b1fb-4a90d8daf041
Unpacked files
SH256 hash:
8e97f9ebb7be83720edd0d9cc03685b9ed6101e6601c0b4d47270dae2b56f111
MD5 hash:
e0144e36f7030d6667b4eb14309749c6
SHA1 hash:
df5133d082f4e2a991f086df1d9be3c510abe277
Link:
https://www.unpac.me/results/2c7dd6f8-925b-4515-ad5e-aff846a4d73e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e97f9ebb7be83720edd0d9cc03685b9ed6101e6601c0b4d47270dae2b56f111

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8e97f9ebb7be83720edd0d9cc03685b9ed6101e6601c0b4d47270dae2b56f111

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2451572/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/344445/

Comments