MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818
SHA3-384 hash: 22f81979e0964fb42f18c27ee5adfdab6ac0dad0c6c270733516c681447890d8148b28ef609df346177f75f3787f89cf
SHA1 hash: 95ba53d065f2516dd623749bd99c0eb1b65dfaa6
MD5 hash: 6356c680af8811523f9619def6b9e296
humanhash: green-pennsylvania-thirteen-blossom
File name:c_test.exe
Download: download sample
File size:7'337'741 bytes
First seen:2024-01-05 00:38:51 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bae3d3e8262d7ce7e9ee69cc1b630d3a (5 x Akira, 2 x DCRat, 1 x CrealStealer)
ssdeep 196608:GnuSe1W903eV4Q2tpDjIIAcwD0RPgvvk9LIL:mEW+eGQi9jo0Rk
TLSH T17B763390A2D85EE4D9B2813F8A91805AE631BD221B78C68787F4A5933F333C59D3F751
TrID 66.5% (.EXE) InstallShield setup (43053/19/16)
16.2% (.EXE) Win64 Executable (generic) (10523/12/4)
7.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.1% (.EXE) OS/2 Executable (generic) (2029/13)
3.0% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):PE icon
dhash icon aebc385c4ce0e8f8 (10 x PythonStealer, 7 x RedLineStealer, 7 x DCRat)
Reporter jeck11512ss
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
308
Origin country :
TW TW
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/469554/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Restart of the analyzed sample
Searching for the window
Verdict:
No Threat
Threat level:
  2.5/10
Confidence:
100%
Tags:
control expand lolbin overlay packed packed pyinstaller
Link:
https://www.filescan.io/uploads/65974fa710642636b38c09bf/reports/9431c290-0b60-4bf1-841f-1dba2f234315/overview
Verdict:
Suspicious
Labled as:
W64/S-d62ce6b7
Link:
https://www.hybrid-analysis.com/sample/961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d44b19e0-4024-4f55-8fff-982bdda3b79a
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1370114
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1370114 Sample: c_test.exe Startdate: 05/01/2024 Architecture: WINDOWS Score: 48 21 Multi AV Scanner detection for submitted file 2->21 6 c_test.exe 15 2->6         started        process3 file4 13 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 6->13 dropped 15 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 6->15 dropped 17 C:\Users\user\AppData\Local\...\python312.dll, PE32+ 6->17 dropped 19 9 other files (none is malicious) 6->19 dropped 9 c_test.exe 1 6->9         started        11 conhost.exe 6->11         started        process5
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=synfrg7j6jcen45qd2scnpexlkyjyfmmt7yirdg67ap43nmw3ama._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
pyinstaller
Link:
https://tria.ge/reports/240105-azmlxafee9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SH256 hash:
961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818
MD5 hash:
6356c680af8811523f9619def6b9e296
SHA1 hash:
95ba53d065f2516dd623749bd99c0eb1b65dfaa6
Detections:
PyInstaller
Create hunting rule
Link:
https://www.unpac.me/results/2c2ad2fc-b96b-4c1f-8a2a-6fa9df77dd05/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/961a589be9f24446f3b01ea426bc975ab09c158c9ff0888cdef81fcdb596d818

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:PyInstaller
Create hunting rule
Author:@bartblaze
Description:Identifies executable converted using PyInstaller.
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/469554/

Comments