MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c04f22d89e211c4429a1f5187f624dacd8dfc55983398e8ab35fb58d3d84bee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 9c04f22d89e211c4429a1f5187f624dacd8dfc55983398e8ab35fb58d3d84bee
SHA3-384 hash: 1d1609af2ae2b9af52fb95b9860dc3e6fda608ab8805669515bf72f302728e478c9e90415e61cc9706e9304d6400a9ca
SHA1 hash: 9725705301fa2e5437fc21f3f9ce1508d95dd1d4
MD5 hash: 021351898d9b23409f4bf7c252f985de
humanhash: wolfram-bluebird-delta-moon
File name: SecuriteInfo.com.Virus.Win32.VBInject.22551.23601
File size: 1'219'187 bytes
First seen: 2023-05-29 12:30:07 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 884310b1928934402ea6fec1dbd3cf5e (the same imphash is seen on 3'725 GCleaner, 3'526 Socks5Systemz and 262 RaccoonStealer samples)
ssdeep: 24576:22UtM6RX1dOfOrrXIYRnH+gsfH9fjG5tZMVwOqCIDiCRT0uRPqRla0:22Z6RXS2oYRegs/BjHu9lmp0PqRc0
Threatray: 5 similar samples on MalwareBazaar
TLSH: T106452312E665697AF0664F7269338080AB333FA42C356052306A7DCDDFBF29199733D6
TrID:
50.8% (.EXE) Win32 Executable PowerBASIC/Win 9.x (148303/79/28)
37.6% (.EXE) Inno Setup installer (109740/4/30)
4.8% (.EXE) Win32 Executable Delphi generic (14182/79/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE): dhash f86eeae6b292c6cc
Reporter: SecuriteInfoCom
Tags: exe
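Before working with a downloaded copy of this sample, recompute the digests listed above and compare them with the entry; SHA256 is the sample's identity on MalwareBazaar, while MD5 and SHA1 are collision-prone and only useful for cross-referencing older reports. The script below is an added example written for this page, not MalwareBazaar tooling. The script name and the path argument are hypothetical, and it assumes the sample has already been extracted from the download archive:

```python
#!/usr/bin/env python3
"""Recompute the digests a MalwareBazaar entry lists and compare them to the page.

Added example for this page; not MalwareBazaar tooling. Usage (hypothetical path):
    python3 verify_sample.py /path/to/extracted/sample.exe
"""
import hashlib
import sys
from typing import Dict, Iterable

# Digests copied from the entry above. SHA256 is the sample's identity on
# MalwareBazaar; MD5/SHA1 are collision-prone and kept only for cross-referencing.
LISTED_HASHES: Dict[str, str] = {
    "sha256": "9c04f22d89e211c4429a1f5187f624dacd8dfc55983398e8ab35fb58d3d84bee",
    "sha3_384": "1d1609af2ae2b9af52fb95b9860dc3e6fda608ab8805669515bf72f302728e478c9e90415e61cc9706e9304d6400a9ca",
    "sha1": "9725705301fa2e5437fc21f3f9ce1508d95dd1d4",
    "md5": "021351898d9b23409f4bf7c252f985de",
}

ALGORITHMS = ("sha256", "sha3_384", "sha1", "md5")


def digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass (samples can be large)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_all(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for data already held in memory."""
    return digest_stream([data])


def verify_hashes(computed: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Compare computed digests with the listed ones, tolerating upper-case hex and
    stray whitespace as copied from a web page. Algorithms not computed here
    (e.g. imphash, ssdeep, TLSH) are silently skipped rather than reported."""
    return {
        name: computed[name] == value.strip().lower()
        for name, value in expected.items()
        if name in computed
    }


def verify_file(path: str, expected: Dict[str, str] = LISTED_HASHES,
                chunk_size: int = 1 << 20) -> Dict[str, bool]:
    """Hash a file from disk in 1 MiB chunks and verify it against `expected`."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk_size)
                if not block:
                    return
                yield block
    return verify_hashes(digest_stream(chunks()), expected)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <extracted sample>")
    results = verify_file(sys.argv[1])
    for name in ALGORITHMS:
        print(f"{name:9s} {'OK' if results[name] else 'MISMATCH'}")
    # Non-zero exit when anything disagrees, so a triage pipeline can refuse to
    # proceed with a file that is not the sample this entry describes.
    sys.exit(0 if all(results.values()) else 1)
```

A mismatch on SHA256 alone is enough to stop: it means the file on disk is not the object the entry, its sandbox verdicts and its YARA matches refer to.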

Intelligence

File Origin
# of uploads: 1
# of downloads: 236
Origin country: FR

Vendor Threat Intelligence

Result (ANY.RUN)
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.Virus.Win32.VBInject.22551.23601
Verdict: Suspicious activity
Analysis date: 2023-05-29 12:30:49 UTC
Tags: installer
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness: (not reported)
Behaviour:
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Creating synchronization primitives

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: greyware lolbin overlay packed shell32.dll
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: suspicious
Classification: evad
Score: 28 / 100
Signature:
Drops executables to the windows directory (C:\Windows) and starts them
Multi AV Scanner detection for submitted file
Obfuscated command line found
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Unpacked files
SHA256 hash: 4c625ec43cfe3df8a7a5ce8d24bb2e065e30af8f1ace3330393c93167c5bc73e
MD5 hash: d48fae03cc717168b330b0583a1cbb3c
SHA1 hash: 546beab0b605c73ad9dc03ac22cb7cb93c52c0d8

SHA256 hash: ada8a11b3357a76d56eca6e6d16b8598c3be2afbada733df692acd3beb577478
MD5 hash: 0223ec995cb7c8a03a4f75a019a30e9e
SHA1 hash: 6678664eff09a972f47f3613726cd2329fe9b6e7

SHA256 hash: 6c5fa9005875e0933804ea56037d9e0ecb3f45d2b54c26b4dd68dae4826c6299
MD5 hash: f2e2e872a03cb410d65a7490279b3d01
SHA1 hash: 7f28ba9a799c84e57e41d31c1ad6b2f611a2d7cc

SHA256 hash: 9c04f22d89e211c4429a1f5187f624dacd8dfc55983398e8ab35fb58d3d84bee (the submitted sample itself)
MD5 hash: 021351898d9b23409f4bf7c252f985de
SHA1 hash: 9725705301fa2e5437fc21f3f9ce1508d95dd1d4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Only results from TLP:CLEAR rules are displayed.

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

File information

The table below shows additional information about this malware sample such as delivery method and external references.
