MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78
SHA3-384 hash: 0cb5c56c7ee0d478168007246be4595193cc5135b63f7e42af439900dbcb588053b09a81046e4594ffeee96503dec7d5
SHA1 hash: bbb3d8d70e1416241b469c3f58596986957ac39d
MD5 hash: de3eafb5fa64237cb2d54949c432f19c
humanhash: enemy-coffee-uncle-potato
File name:de3eafb5fa64237cb2d54949c432f19c
Download: download sample
File size:2'117'120 bytes
First seen:2022-05-14 14:16:13 UTC
Last seen:2022-05-14 14:33:37 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6568687b2c9d225811191553890bdbf0
ssdeep 49152:UrvyLvF8NpuhRmx6uh9ooXXLEUajSrD7mp46RleP1qKcb1Rckjv+cAc3r4dbC:gvYvFcIhEx6uboonLzQSrD7mpdRleP1G
Threatray 7'777 similar samples on MalwareBazaar
TLSH T113A57E21798048B7C1231E31B94BF379F2BD65FC0B3549C7F3B49A682966082962DD6F
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
249
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/270642/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Running batch commands
Searching for the window
DNS request
Sending an HTTP GET request
Creating a file
Sending a UDP request
Launching a process
Creating a service
Launching a service
Loading a system driver
Changing a file
Deleting a recently created file
Creating a process from a recently created file
Searching for synchronization primitives
Creating a window
Delayed writing of the file
Creating a process with a hidden window
Enabling autorun for a service
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Blocking the User Account Control
Enabling autorun by creating a file
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware keylogger packed shell32.dll
Link:
https://www.filescan.io/uploads/627fb9eefd71ca8b2ed85d90/reports/09a00678-497a-4fdc-87b0-d19530c5a470/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/5116a59a-6819-4f0e-80fa-a19339e75b66
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/994121
Signature
Found evasive API chain (may stop execution after checking mutex)
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78/
Threat name:
Win32.Trojan.Quasar
Create hunting rule
Status:
Malicious
First seen:
2022-05-14 14:17:10 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
10cc2de88fbbbc389b48ba140b79bfdbce43173ab2ea5f7ed79b48314802646a
26ba40a83c4dd2e31ae8d1cd1595cc9723cad21a4ee2f7c54d422350bce7effb
af27173ed576215bb06dab3a1526992ee1f8bd358a92d63ad0cfbc0325c70acf
bd4d52cc6d6a213f9582edcf7d40664e4804f495bb6a6bfd0fc06be4a2b832d4
cb55e00c2fc38e06759379f12f6ab27310d6b61f27a3c510549f326afb17d0e9
d327f4e4f6c73e96c204d77355171ca6fd7b29c54b234f0bdf97398e04179edc
d62d2888067b3dab7d93cba362202c4a17c086c531949b071f9758866b4c9d6b
+ 7'767 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220514-rlpb1scehj/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Downloads MZ/PE file
Unpacked files
SH256 hash:
93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78
MD5 hash:
de3eafb5fa64237cb2d54949c432f19c
SHA1 hash:
bbb3d8d70e1416241b469c3f58596986957ac39d
Link:
https://www.unpac.me/results/16d07c78-565c-4003-b950-f5b4c57c39ef/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 93d2edbc498f6f8689223bcb079143a97627efe9c1f7b23687a94a1eaf223d78

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2194750/
Cape
Cape
https://www.capesandbox.com/analysis/270642/

Comments


Avatar
zbet commented on 2022-05-14 14:16:24 UTC

url : hxxps://wtyjqpaszl-torjan.oss-cn-beijing.aliyuncs.com/Main-TorJan/services.exe