MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94596876e5408289110c03aee0bf01dda5d9632d4614041e644bf4809fc46b5f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94596876e5408289110c03aee0bf01dda5d9632d4614041e644bf4809fc46b5f
SHA3-384 hash: 6c147099198786abf7c09f4cead8920dda86067cdaf0db190ca8e27fc4716c8d5cb66113585c097a3e7de46d96ac1bc4
SHA1 hash: 5092fccaffd7460477e1578eff164275d7d51de0
MD5 hash: fde0eb59a42b9f86e948a7ed404122e4
humanhash: louisiana-diet-lion-don
File name:SecuriteInfo.com.Inject4.HM.9257.14777
Download: download sample
File size:234'863 bytes
First seen:2020-06-19 14:44:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e160ef8e55bb9d162da4e266afd9eef3 (140 x GuLoader, 33 x RemcosRAT, 17 x AgentTesla)
ssdeep 6144:IwHysHqdlIFUzSUH1pvdFXLQAf5AJkXiRV:DHqTIFUzVpvdtLQGER3
Threatray 42 similar samples on MalwareBazaar
TLSH 2D3412612BE588F7E1A74DB21B73BB33E1BF85441130084B1F987AB55D267D3891A2B3
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9636/
Detection(s):
SecuriteInfo.com.Inject4.HM.9257.14777.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Soft32downloader-6691270-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2017-10-10 03:05:24 UTC
File Type:
PE (Exe)
AV detection:
28 of 31 (90.32%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
2d40a6c3d1200616055b55031daa8a6b010b3c99219f6b6da87bcd2b2f27d6c2
3434bb383c8dd721266f60e07820474205d70c5da9ebb465109ace7894567437
40d8ba1b4ae578829ce958a356395307e27eda0512bc78021ccb93e4b26134f7
44c7ef261a066790a4ce332afc634fb5f89f3273c0c908ec02ab666088b27757
488af046fee2222b41dee6a16486507f74c637e23738d40f49e36e489abba3ef
5ade1071b7d6a1abe0b851d953fe1571f7372bce3d48f0adedfbbecd02c512c6
9105005851fbf7a7d757109cf697237c0766e6948c7d88089ac6cf25fe1e9b15
c5aa2a24607b845bd3fa1f856a072061ef62831a5dc138eba9e8199c3cc10696
e5b32b4bb73f9bf50a9e4e3236ea3bf54577675b46d98deb142d668e7ea1653a
fd869766f1f735b4c1479ec1300fd63f4a203142e4ed0e6ac18f05d1cdba3ac8
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-dqh8s1eh7j/
Behaviour
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_WebMonitor_RAT
Create hunting rule
Author:Florian Roth
Description:Detects WebMonitor RAT
Reference:https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/
Rule name:win_vobfus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator
Rule name:win_webmonitor_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/9636/

Comments