MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96b00d36a0aa5ba085946ca6e6d0ba344bf03dced35c980487b0871be0c4b6d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 96b00d36a0aa5ba085946ca6e6d0ba344bf03dced35c980487b0871be0c4b6d5
SHA3-384 hash: 813d41df2e112b63fec2efdd2e8cf2b9654cfe5e35bd0b2f66c445f06c0e82e9574ba2c1836efea0a43ed8d2e49be2cd
SHA1 hash: 1683cce3868b63039e6c70a8570b5e16f0dd40b7
MD5 hash: 22f51f835b2d91c7883f7e2cdff2d89c
humanhash: vermont-india-hawaii-vermont
File name:SecuriteInfo.com.StaticAI-SuspiciousPE.29564.26809
Download: download sample
File size:4'223'164 bytes
First seen:2022-07-06 14:54:29 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 49152:Dhwrvi963PSumT0+TFiH7efPp3Z03guLI3pXCLLZldj6tCi+KfXGujLYV1gXO:Dhwq6+6efPYwuc3ELFld2qcGEWd
Threatray 3 similar samples on MalwareBazaar
TLSH T18716E011B3D584B6D1BF0638D8BA52669774BC089222C7AF9790BD697D33BC04E32376
TrID 55.1% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
20.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
11.6% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
3.6% (.SCR) Windows screen saver (13101/52/3)
2.9% (.EXE) Win64 Executable (generic) (10523/12/4)
Reporter SecuriteInfoCom
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/285176/
Detection(s):
SecuriteInfo.com.StaticAI-SuspiciousPE.29564.26809.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm greyware greyware keylogger msiexec.exe overlay packed packed rundll32.exe
Link:
https://www.filescan.io/uploads/62c5a29298766731ae83f9ab/reports/bf710d0c-6f27-470e-908a-10e424edab87/overview
Result
Verdict:
SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
ConnectWise
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c82b4ca2-23d2-4d76-99c2-e09115e33ce3
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
troj
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/1025689
Signature
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 658181 Sample: SecuriteInfo.com.StaticAI-S... Startdate: 06/07/2022 Architecture: WINDOWS Score: 22 13 Yara detected Generic Downloader 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/96b00d36a0aa5ba085946ca6e6d0ba344bf03dced35c980487b0871be0c4b6d5/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=s2ya2nvavjn2bbmunstonuf2grf7apoo2nojqbehwcdrxygew3kq._file
Verdict:
unknown
Similar samples:
5f5d1f324ed8dc18d76f200a176d40ab2ae48e336f33c2f7b5d047d682f3260a
ed4544f9e5b144199882d21bf0fd0aeed19f3277b2f1a4c0e3be785cf4397d41
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220706-safq6seaam/
Unpacked files
SH256 hash:
96b00d36a0aa5ba085946ca6e6d0ba344bf03dced35c980487b0871be0c4b6d5
MD5 hash:
22f51f835b2d91c7883f7e2cdff2d89c
SHA1 hash:
1683cce3868b63039e6c70a8570b5e16f0dd40b7
Link:
https://www.unpac.me/results/d9335ca3-4fa9-4e89-b4b8-4215ab9c2d67/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/96b00d36a0aa5ba085946ca6e6d0ba344bf03dced35c980487b0871be0c4b6d5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_DotNET_Encrypted
Create hunting rule
Author:ditekSHen
Description:Detects encrypted or obfuscated .NET executables
Rule name:pdb_YARAify
Create hunting rule
Author:@wowabiy314
Description:PDB

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/285176/

Comments