MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9872c46b016d2e96a1cfe675346e3b249956500bc4dcddfb42e6afbc9726a36a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9872c46b016d2e96a1cfe675346e3b249956500bc4dcddfb42e6afbc9726a36a
SHA3-384 hash: 27e9c733ec4035beac8f4fd8afc3a97e324542919d7166ca3ede662a186aaee52039721c5cb85ca6e9be07c6a6a5646b
SHA1 hash: 7325726627dd4ac244730f35bc8ded3463960072
MD5 hash: 157b8b1b340f665ebd4d13ca72ce059a
humanhash: monkey-red-oxygen-south
File name:157b8b1b340f665ebd4d13ca72ce059a
Download: download sample
File size:445'608 bytes
First seen:2022-03-28 19:06:34 UTC
Last seen:2022-03-28 19:41:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ca13c8701271aa55971268f1f04fdca5
ssdeep 12288:PX6xDTMioNcOQWEKb21mmjOhp0F/hV3+U:PXcnM7NHQWEKOj35F+U
Threatray 555 similar samples on MalwareBazaar
TLSH T15094228CEAAC2310D9BC8175E9394F59B888A96F8DD81D30F2C3F15B5B77761231622D
File icon (PE):PE icon
dhash icon f8c8e0b0b8b2e4f0
Reporter zbetcheckin
Tags:32 exe signed

Code Signing Certificate

Organisation:ElectronicArt Milan Studium IT
Issuer:ElectronicArt Milan Studium IT
Algorithm:sha1WithRSAEncryption
Valid from:2022-03-27T11:59:05Z
Valid to:2032-03-28T11:59:05Z
Serial number: 4c92b666dca6409548293427125a3638
Intelligence: 5 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: addae8abc37c01000c21b275a0bcae1621e819ca13af489036cbbe05a206c6ca
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
180
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
https://mastercracked.com/auslogics-boostspeed-premium-crack/
Verdict:
Malicious activity
Analysis date:
2022-03-29 04:12:47 UTC
Tags:
trojan autoit loader evasion rat redline stealer opendir asyncrat
Link:
https://app.any.run/tasks/77c7d1e6-48e1-4846-954d-a8083111e735

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/258751/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.24271.9616.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for analyzing tools
Searching for the window
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
DNS request
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/62420759a19c649412a1277b/reports/2274f728-c1e3-4592-9de9-97ea1159c46e/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
EClipper
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/33aa1734-ae34-4430-bded-0fd857da6b62
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/966145
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to check if a debugger is running (CheckRemoteDebuggerPresent)
Detected unpacking (changes PE section rights)
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Sigma detected: File Created with System Process Name
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9872c46b016d2e96a1cfe675346e3b249956500bc4dcddfb42e6afbc9726a36a/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-03-28 15:39:52 UTC
File Type:
PE (Exe)
Extracted files:
5
AV detection:
18 of 26 (69.23%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3b6d92296785155333ce6e44a0b43d280ab50fdfd178d0b6929e8298cf18d929
3db995ab386682dabab33188fd255f3930e4791bbfc7b9f494f365516e76ade1
423603734e03a0601620dfa8522bbddfc14de5418da253167f46f3a14cca4979
6087cbea917f0062401149be475a2d9440d00ce2a962d3be3b16f26264729233
60fc9267ff51de1c8910f5f4b8a393ab3290838c461eafb8189db587cb33f822
8b3e4b4ebbb727564e6aea41a152f83c45ea37fbf2e26db6ce458083252a950a
adb2e5bb2471f3ab9919f8bce64c329e64295dc6cba297182379552bd11abd46
d80dcd1d4d7a1ec2885b9c7a59e90f3480cac248c5b0f7198a37cb736ec69ef5
+ 545 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/220328-xsmdwsaacq/
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of NtSetInformationThreadHideFromDebugger
Adds Run key to start application
Unpacked files
SH256 hash:
458af93ac182be5b4bc750d8eaff157d777e968a9f875123bbceb196b124d32a
MD5 hash:
e0b711fdbe9ab7e8b61e0b34e21a10af
SHA1 hash:
8bfd913576394459876b719ce662ed43cdfb9447
Link:
https://www.unpac.me/results/f9987f18-c259-4f50-9547-b596e84db719/
SH256 hash:
9872c46b016d2e96a1cfe675346e3b249956500bc4dcddfb42e6afbc9726a36a
MD5 hash:
157b8b1b340f665ebd4d13ca72ce059a
SHA1 hash:
7325726627dd4ac244730f35bc8ded3463960072
Link:
https://www.unpac.me/results/f9987f18-c259-4f50-9547-b596e84db719/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.26
Link:
https://yomi.yoroi.company/submissions/9872c46b016d2e96a1cfe675346e3b249956500bc4dcddfb42e6afbc9726a36a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9872c46b016d2e96a1cfe675346e3b249956500bc4dcddfb42e6afbc9726a36a

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2117688/
Cape
Cape
https://www.capesandbox.com/analysis/258751/

Comments


Avatar
zbet commented on 2022-03-28 19:06:36 UTC

url : hxxp://zonasertaneja.com.br/5/data64_5.exe