MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92814edb0e2968d50983f19400b15610c405a3e5ec3af096597f2daa6f2a5142. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92814edb0e2968d50983f19400b15610c405a3e5ec3af096597f2daa6f2a5142
SHA3-384 hash: 93898cc1e83b86e9628157924a0db59dc45ed86dd14db185e1559dac8c2f284c327f512e972538dd5921adf8c7158f86
SHA1 hash: 33a3ecc92f5f6b9ef04594b314db2351c2aea792
MD5 hash: 83af87766c0d611527d8749aa4ee43ba
humanhash: burger-blue-earth-winter
File name:83af87766c0d611527d8749aa4ee43ba.exe
Download: download sample
File size:188'056 bytes
First seen:2022-09-25 07:06:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:yCzm0fcadeI25kvhOtDnCb5/OKsDjRCiiMuJ9HKb0zpMqxAEE4zYYU/bE:z3eIVmzCkRbuTHKRDfE
Threatray 16 similar samples on MalwareBazaar
TLSH T12B040185EBD05C0BDE429BB487E7E32D3778DB460FABCF1B1418A1F66C523905E254A8
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon 00868ecccce8cc50 (2 x EternityStealer, 1 x AsyncRAT)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/313110/
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.3476.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending an HTTP GET request
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Unauthorized injection to a recently created process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
67%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/632ffe8f73bbffe3a788b029/reports/a8b07c91-3c49-4470-975e-b747cf28ea6f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b6cefda8-60ee-4c89-92af-022f0625d621
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1076776
Signature
.NET source code contains potential unpacker
Encrypted powershell cmdline option found
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92814edb0e2968d50983f19400b15610c405a3e5ec3af096597f2daa6f2a5142/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-09-25 07:07:07 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
28
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=skau5wyoffunkcmd6gkabmkwcdcali7f5q5pbfszp4w2u3zkkfba._file
Verdict:
unknown
Similar samples:
29da83e8eb9f92a0d5b28f2b20a12e1c317022aac908b88e67cbb1f159252f95
41e282a6b34497e1d91e16e6ce75c1c2411ba8c050d4cd44f075e556192a45a0
5bd0413417385740c8e5a03c51900a7ad5673e17b459333c74024385b6ca688a
6238542631b73f4d10cba3147b1e3326b01bc1f0ebf1cee83423eb2a4c9a6213
87d55703f23f068bfb656f3a108f22940a0f946c6f98316dc96cb331ba1a4346
94c64f12afd02a13f709021efe6a3676f92ee6ea68ea91b67e476ba603c0b79b
96ad89ff084cb88f1bd0bf8f104b744d9bf26157aa9f117851fdbfc2b20585c5
a528ba093c83d0a15628447345e460b0b9311646a564d676bdd8d7765455a665
acbc5e7367f627f945f99b9b6e5b3debe0ab53bd62474f2c8e59564e2883217f
+ 6 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/220925-hxm4nafaap/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/22b3d37b-1ae2-477a-8952-b375a5728983
Unpacked files
SH256 hash:
92814edb0e2968d50983f19400b15610c405a3e5ec3af096597f2daa6f2a5142
MD5 hash:
83af87766c0d611527d8749aa4ee43ba
SHA1 hash:
33a3ecc92f5f6b9ef04594b314db2351c2aea792
Link:
https://www.unpac.me/results/7e0e5156-e622-47b5-b602-00e046a64d25/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/92814edb0e29/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/92814edb0e2968d50983f19400b15610c405a3e5ec3af096597f2daa6f2a5142

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:RansomwareTest6
Create hunting rule
Author:Daoyuan Wu
Description:Test Ransomware YARA rules
Rule name:RansomwareTest7
Create hunting rule
Author:Daoyuan Wu
Description:Test Ransomware YARA rules

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 92814edb0e2968d50983f19400b15610c405a3e5ec3af096597f2daa6f2a5142

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2313313/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/313110/

Comments