MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96287d8d8432c6087e89ff97097ba760ee87a3f22d0dde8127f002102d1b813d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96287d8d8432c6087e89ff97097ba760ee87a3f22d0dde8127f002102d1b813d
SHA3-384 hash: fd1c04f350c7d632f0b79bec09f99ae836b986ea933fdd4816cb248a28f6cc2ab8864fd6201ea06ea7e021ce55a77e99
SHA1 hash: c617e58133c7de0157c16a2c7206960862ae06ea
MD5 hash: 3d38dcffdd3fc64dda29b04d6919f927
humanhash: early-colorado-five-freddie
File name:Nota_Eletronica_18-05_ĐƤ6Ƥ8Ƥ528ijƙ¤.msi
Download: download sample
File size:24'598'016 bytes
First seen:2023-05-18 11:24:46 UTC
Last seen:2023-05-18 14:18:37 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 393216:iF0LfLh4aZG7W3kbqnt/IWl3arGxwk8BmwnMwcvUyFF/XJ+qsR51tPyJdEGbEZwm:HJZuWd5nCk8XnMwzyrsq25rPyJ52u
Threatray 29 similar samples on MalwareBazaar
TLSH T1B747332AA38BC932E51D44BBE959FE4E0539BF23033551D3B6F8392A44F1CC253B9646
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Reporter FXOLabs
Tags:msi

Intelligence

File Origin
# of uploads :
2
# of downloads :
131
Origin country :
BR BR
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
dde shell32.dll
Link:
https://www.filescan.io/uploads/64660b11077b33bcf09eb509/reports/88396579-6834-404e-b156-72cee3a27c17/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/96287d8d8432c6087e89ff97097ba760ee87a3f22d0dde8127f002102d1b813d
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/96287d8d8432c6087e89ff97097ba760ee87a3f22d0dde8127f002102d1b813d
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1235892
Signature
Hides threads from debuggers
Machine Learning detection for dropped file
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Tries to evade analysis by execution special instruction (VM detection)
Behaviour
Behavior Graph:
Download SVG
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=syuh3dmegldaq7uj76lqs65hmdxipi7sfug55ajh6abbali3qe6q._file
Verdict:
unknown
Similar samples:
02d266017daa63108d520772e541f73a41b6d93808995d724a3e14db53696edc
28e4f08ebf77fcd69b22bfc7b3250da50606993892c0edce8828492e08484c38
2b12b31c57f35f67b1474aee1e15394b68e45d011498b8fe5693326ca2006784
3984f829f5857c513de4b0c89a2e4ccc31e05f19100d575714471d0657b5734d
4296080a2384f70638c544c1a4d598035cb895e7346080960df2413510e0c04a
4e3a2efe25c0c1f9771e113c357728e2da8fda16c1d566385dd7ca82d5986481
693f4ad5fff2c9a297b872a1d1d7dcb04e7b9c5fcd8eeff329b57932ab92096a
881b7822da80cffa41cc1c6211f554a42ee4ea92340cbdd1d51df9d20a193b03
db1d955d0078b3742f10f891b52782101b01a32061cbf250ccdeb1f02beae663
f1bc851839b4594f427c77340a1e388c651ff348ff1d08113cd45c4fcb4a6c38
+ 19 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
persistence
Link:
https://tria.ge/reports/230518-nh98jaae86/
Behaviour
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Enumerates connected drives
Executes dropped EXE
Loads dropped DLL
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/96287d8d8432/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.46
Link:
https://yomi.yoroi.company/submissions/96287d8d8432c6087e89ff97097ba760ee87a3f22d0dde8127f002102d1b813d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_msi_file
Create hunting rule
Author:Johnk3r
Description:Detects common strings, DLL and API in Banker_BR

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link

Comments