MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92500c24e39f3b7039e7e9ef8af9352ccda7025f5a6c65c6377f49e74beb1d37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Lucifer


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92500c24e39f3b7039e7e9ef8af9352ccda7025f5a6c65c6377f49e74beb1d37
SHA3-384 hash: 0be8ebef22822555c94118a5dabeea61339a403fb18d381bbaf5835548964a8abfedd34649b23aadc5e4e6ffd2f79e30
SHA1 hash: 19fdc40ee9c4d4d49a75521001f68cd943764099
MD5 hash: 53740b5e22325039fb36edebef2e3abf
humanhash: texas-potato-ohio-juliet
File name:53740b5e22325039fb36edebef2e3abf
Download: download sample
Signature Lucifer
Create hunting rule
File size:635'904 bytes
First seen:2021-08-20 03:55:57 UTC
Last seen:2021-08-20 05:02:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 12288:AFNxQ9HKefECaOiWCxSfNeeE1fABdtTycgzefKX9+1KhUil53BCp:AFNYHbfECP8xSYeY4BTjgzemjB3
Threatray 1'476 similar samples on MalwareBazaar
TLSH T18BD4F1197B94BB4EC16F8E36C8515C109BF0E937A303F7576CD312EC6E8E2998A26161
Reporter zbetcheckin
Tags:32 exe Lucifer

Intelligence

File Origin
# of uploads :
2
# of downloads :
149
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
53740b5e22325039fb36edebef2e3abf
Verdict:
Malicious activity
Analysis date:
2021-08-20 03:57:42 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/09434d94-ae76-4a9b-bf9e-921b4a4c9ab4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/180844/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.24601.32551.30376.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Sending a UDP request
Unauthorized injection to a recently created process
Creating a file
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/03eb46f5-ed7f-4ceb-80ad-f9ae50a74cf9
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/836195
Signature
.NET source code contains very large array initializations
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92500c24e39f3b7039e7e9ef8af9352ccda7025f5a6c65c6377f49e74beb1d37/
Threat name:
ByteCode-MSIL.Trojan.Heracles
Create hunting rule
Status:
Malicious
First seen:
2021-08-20 03:26:51 UTC
AV detection:
19 of 46 (41.30%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sjiayjhdt45xaoph5hxyv6jvftg2oas7ljwglrrxp5e6os7ldu3q._file
Verdict:
unknown
Similar samples:
0845d40154d331ca63220f0414c42f86888bec8eb7b23af8b589e8e5a72afd9a
Lucifer
3315dba57b06d3e95fdab93ad09e5a67755b7ecf81274b0907cfe2e051e36b3b
Lucifer
366b6d23b6e536c3b8bd769edbebc2e7dc26e38e75ac85a32a7b4512f585b68f
Lucifer
59d6ba5998d9ec44d081a04a07b76ed567b53fd8a7d97c07bb77da75172fe377
Lucifer
5a06b1aee5d39a7c1f86db45aec3215560a5bb3d9e1fab189b18877e3be10e36
Lucifer
65c205b93cf9c6d9e9acd5336e010a43309688bfc2e28cffbb5ba8973757fd49
Lucifer
70def7c02d96cb8aab6702e0d6f32c72d7fafbd2b883e09007de9fe204cd3f59
Lucifer
e58365faedd335953c8f41dc5d7e9056c6db3924628dcf977ad7e556410d558a
Lucifer
ecd0c9515106232ce9cb2e64bd93d688a4e6211dd0a42582f39435c3652ccf86
Lucifer
f2823d516c4400006d59e039e27dec46995b5108d9c1b1946562f1e4ef65bc79
Lucifer
+ 1'466 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/210820-gt4724pzjj/
Behaviour
Creates scheduled task(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
d883c1d9bff11e2252c49b2743fc3d7769e924f2502efc7674b687427b49ccf6
MD5 hash:
fccc5e1df91aa936294f6720cc4064d1
SHA1 hash:
e9b197f6c1df2c729f4e54354a18675b2e09810b
Link:
https://www.unpac.me/results/2d6fe36d-5c9d-4b6a-9690-e86bb50136dd/
SH256 hash:
6912e4bedd1288f116e968f0a79d9797f6d6bd24d45a5f10c52e20f9d33b8c61
MD5 hash:
03bde4a82ad64c0f314985232fbca3fa
SHA1 hash:
e8d0b6339e94192eaaca32c812f914e60576dca6
Link:
https://www.unpac.me/results/2d6fe36d-5c9d-4b6a-9690-e86bb50136dd/
SH256 hash:
4f3517cb3e88050fe1f8bf48c2c012d61f63cf11fd86e0fdbd65e2e56fb93206
MD5 hash:
014df2def76c68c95abc5a38b9710685
SHA1 hash:
4809b00fca1b763e8a4ef00e5aa9ec101312439f
Link:
https://www.unpac.me/results/2d6fe36d-5c9d-4b6a-9690-e86bb50136dd/
SH256 hash:
92500c24e39f3b7039e7e9ef8af9352ccda7025f5a6c65c6377f49e74beb1d37
MD5 hash:
53740b5e22325039fb36edebef2e3abf
SHA1 hash:
19fdc40ee9c4d4d49a75521001f68cd943764099
Link:
https://www.unpac.me/results/2d6fe36d-5c9d-4b6a-9690-e86bb50136dd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/92500c24e39f3b7039e7e9ef8af9352ccda7025f5a6c65c6377f49e74beb1d37

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Lucifer

Executable exe 92500c24e39f3b7039e7e9ef8af9352ccda7025f5a6c65c6377f49e74beb1d37

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1548098/
Cape
Cape
https://www.capesandbox.com/analysis/180844/

Comments


Avatar
zbet commented on 2021-08-20 03:55:58 UTC

url : hxxp://45.156.27.166/sadL.exe