MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25
SHA3-384 hash: 2fd7f23a4f2ac7193cb56987a42bf8d67ee5a55d3360b6d1cc8d4e7684b85bfbad909ddc12dedef93842524cc2284e0c
SHA1 hash: 77676071992ad82fb32894d8b74d632bca96869c
MD5 hash: 1abe3a85304f1491d67a6e83a4d73afd
humanhash: sink-maine-lion-seventeen
File name:1abe3a85304f1491d67a6e83a4d73afd.msi
Download: download sample
File size:536'576 bytes
First seen:2024-12-13 06:48:16 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 12288:WRCcWDDfvXeHthM/eomCjiV/HUD76dv124wcoFKxxS76dtj:WhofvEnMzHuLjXnx9f
TLSH T192B422D77D04FF00C8E64A34761A4EFCDA1F6C505BEA2C552E23F68899B1C4D5AB98C2
TrID 88.4% (.MST) Windows SDK Setup Transform script (61000/1/5)
11.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter abuse_ch
Tags:msi

Intelligence

File Origin
# of uploads :
1
# of downloads :
62
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Win.Trojan.WasabiSeed-10022304-0
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=675bdac1259e5b60544e2eff
Tags:
autoit trojan agent virus
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
installer wasabiseed
Link:
https://www.filescan.io/uploads/675bd8dfdcb1ffa21ae88a08/reports/3edc49e6-0570-4f61-82a7-9c0cdf3dd8fc/overview
Verdict:
Malicious
Labled as:
Trojan.WasabiSeed
Link:
https://www.hybrid-analysis.com/sample/a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
n/a
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1574270
Signature
AI detected suspicious sample
Contains functionality to register a low level keyboard hook
Found stalling execution ending in API Sleep call
Multi AV Scanner detection for submitted file
Sample or dropped binary is a compiled AutoHotkey binary
Behaviour
Behavior Graph:
Download SVG
Score:
36%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uemjeda52qqatngpbxgzjn4athd43u4xo3osjoy4biezzmpkhysq._file
Verdict:
malicious
Label(s):
admintool_autohotkey
Create hunting rule
Similar samples:
error
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence privilege_escalation
Link:
https://tria.ge/reports/241213-hlctjs1ncv/
Behaviour
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Drops file in Windows directory
Executes dropped EXE
Enumerates connected drives
Drops startup file
Verdict:
Malicious
Tags:
Win.Trojan.WasabiSeed-10022304-0
YARA:
n/a
Link:
https://app.threat.zone/submission/06e352ab-bac9-43cd-9a26-b830f3fa2ee0
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:maldoc_OLE_file_magic_number
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi a118920c1dd42009b4cf0dcd94b78099c7cdd39776dd24bb1c0a099cb1ea3e25

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3346435/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3346436/

Comments