MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4da273af035715653bb44a7ae39eb4f768c89f3156d8121e507cb13f556ff1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: a4da273af035715653bb44a7ae39eb4f768c89f3156d8121e507cb13f556ff1b
SHA3-384 hash: c414cf69d14e6841f4ba84de4189794275354dd0bb9fb72af5b0e59253905b56f8656c72532ab17f7c820c1c5dcded15
SHA1 hash: 8c34b049eb431f41f8943de8bf0ff6a3bfaf4da4
MD5 hash: 30f23a329fbd1f8f9148d5907570593e
humanhash: maine-east-hamper-louisiana
File name: SecuriteInfo.com.PUA.hacktool.8101.14497
File size: 1'969'420 bytes
First seen: 2023-06-15 16:27:29 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 884310b1928934402ea6fec1dbd3cf5e (3'725 x GCleaner, 3'461 x Socks5Systemz, 262 x RaccoonStealer)
ssdeep: 49152:Z2kybhLllIa8d1mP49ZcoAGbTi5oz1lFOF4d1qapcqG:Mk21kh449Zco3XHz1lFO2d1Zg
TLSH: T1A6953346BE999DB9F8694D308D3B80550877B6282D38A013FFE9066E6F305D0EFD2356
TrID:
  76.6% (.EXE) Inno Setup installer (109740/4/30)
  9.9% (.EXE) Win32 Executable Delphi generic (14182/79/4)
  4.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  3.1% (.EXE) Win32 Executable (generic) (4505/5/1)
  1.4% (.EXE) Win16/32 Executable Delphi generic (2072/23)
File icon (PE): PE icon
dhash icon: b298acbab2ca7a72 (2'327 x GCleaner, 1'631 x Socks5Systemz, 67 x RedLineStealer)
Reporter: SecuriteInfoCom
Tags: exe

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 251
Origin country: FR
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: SecuriteInfo.com.PUA.hacktool.8101.14497
Verdict: No threats detected
Analysis date: 2023-06-15 16:40:47 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a file in the %temp% subdirectories
  Creating a window
  Creating a process from a recently created file
  Creating synchronization primitives
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware installer lolbin overlay packed rogue shell32.dll
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: n/a
Detection: suspicious
Classification: phis
Score: 34 / 100
Signatures:
  Creates an undocumented autostart registry key
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  PE file has a writeable .text section
  Whitelists domains for ActiveX usage
Behaviour
Behavior Graph (ID: 888494; Sample: SecuriteInfo.com.PUA.hackto...; Startdate: 15/06/2023; Architecture: WINDOWS; Score: 34)
Sample-level signatures:
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  PE file has a writeable .text section
Process tree:
  SecuriteInfo.com.PUA.hacktool.8101.14497.exe (started)
    dropped: SecuriteInfo.com.P...tool.8101.14497.tmp, PE32
    SecuriteInfo.com.PUA.hacktool.8101.14497.tmp (started)
      dropped: C:\Users\user\AppData\Local\...\is-TOH7V.tmp, PE32
      dropped: C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+
      dropped: C:\Users\user\AppData\Local\...\_RegDLL.tmp, PE32
      dropped: 8 other files (5 malicious)
      KikinInstaller.exe (started)
        DNS: upa.kikin.com
        dropped: C:\Users\user\AppData\...\AccessControl.dll, PE32
        dropped: C:\Program Files (x86)\kikin\uninst.exe, PE32
        dropped: C:\Program Files (x86)\...\ie_kikin.dll.tmp, PE32
        dropped: 8 other files (5 malicious)
        signatures: Creates an undocumented autostart registry key; Whitelists domains for ActiveX usage
        KikinBroker.exe (started)
      KikinInstaller.exe (started, second instance)
        DNS: upa.kikin.com
        dropped: C:\Users\user\AppData\Local\...\UserInfo.dll, PE32
        dropped: C:\Users\user\AppData\Local\...\System.dll, PE32
        dropped: C:\Users\user\AppData\Local\...45SISdl.dll, PE32
      IE Password Catcher.exe (started)
Verdict: unknown
Result
Malware family: n/a
Score: 7/10
Tags: spyware stealer
Behaviour:
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  NSIS installer
  Enumerates physical storage devices
  Executes dropped EXE
  Loads dropped DLL
  Reads user/profile data of web browsers
Unpacked files

SHA256 hash: 7d099352c82612ab27ddfd7310c1aa049b58128fb04ea6ea55816a40a6f6487b
MD5 hash: 1e8e11f465afdabe97f529705786b368
SHA1 hash: ea42bed65df6618c5f5648567d81f3935e70a2a0

SHA256 hash: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
MD5 hash: 00a0194c20ee912257df53bfe258ee4a
SHA1 hash: d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256 hash: 9250e89dc1a73e7b4161b405653087186eea804b65c7b5733fc4e824b1486814
MD5 hash: 1e6c2203126046fbfaf0444e078234d4
SHA1 hash: cb6f760f7f83cf196443e21d71f48497c0a368a0

SHA256 hash: 194215a822cba3144799fe4f2e74eb42b90b85968a8b4ac8d26c09ec97e4b632
MD5 hash: 662daf9f6e24080ea514cf99daee69b6
SHA1 hash: 96672aac5ba604ad2f86adcbf22e61b8a92031f2

SHA256 hash: 667cacaee0adcc27ce9bf22dd1b60d02c2cc2c8f30680bf7b7df5cbaf916d428
MD5 hash: 642c70d53d309844b81e8a63cee55796
SHA1 hash: 94057b39a39635ce8a2949bbb8c917a909c9c598

SHA256 hash: ddba6e38c7f6b41f9a49b5c9d67e95ad6e7fbc9a9a59a1adc38394d51f1b9268
MD5 hash: 394b99a83cb30d833eb3b17113395426
SHA1 hash: 86f59a057451b64c401d12deff7c720bb16a8451

SHA256 hash: 2a7f33ef64d666a42827c4dc377806ad97bc233819197adf9696aed5be5efac0
MD5 hash: a401e590877ef6c928d2a97c66157094
SHA1 hash: 75e24799cf67e789fadcc8b7fddefc72fdc4cd61

SHA256 hash: 3d0060c5c9400a487dbefe4ac132dd96b07d3a4ba3badab46a7410a667c93457
MD5 hash: ab73c0c2a23f913eabdc4cb24b75cbad
SHA1 hash: 6569d2863d54c88dcf57c843fc310f6d9571a41e

SHA256 hash: bad13be11f7c876cfca9f7aba9c2e7c6ed7c5fc50fb5ad8d2e8da2b73de5e49e
MD5 hash: 022f5eeff108a44b3a336d78d35749c9
SHA1 hash: 56c7a26ebf2d06d1e1ef55f9ad361392e6c64a16

SHA256 hash: fd0e8be2135f3d326b65520383a3468c3983fa32c9c93594d986b16709d80f28
MD5 hash: 254f13dfd61c5b7d2119eb2550491e1d
SHA1 hash: 5083f6804ee3475f3698ab9e68611b0128e22fd6

SHA256 hash: 7a644689f3e17a99ecec9c20240fc6eb41f7ab232cd4b17be15ab54f97b14b68
MD5 hash: a11fc8f2477ac02436b5cc9c23954b96
SHA1 hash: a64e5bfd35b7a57f82e5cb80509bef31763c9ee1

SHA256 hash: 385745c5c23351398a09224a1b16656ac1a897fa7c6a44aade12691237a9d79a
MD5 hash: f0abf9dc1121fb05ede31d4e3c7c5fb0
SHA1 hash: 92d0c52a4ba8af8e32ed191767932099bceaa358

SHA256 hash: de1b1980202b6f4766abd4944ec0dc1ca099f6fd480a02cdb4514c8fe5cff0c6
MD5 hash: 01d39f0c10ef4fc63ba2339b2834f6e6
SHA1 hash: 98aaaf60e7777b5faa2326f631d9fe3de6002eab

SHA256 hash: a4da273af035715653bb44a7ae39eb4f768c89f3156d8121e507cb13f556ff1b
MD5 hash: 30f23a329fbd1f8f9148d5907570593e
SHA1 hash: 8c34b049eb431f41f8943de8bf0ff6a3bfaf4da4

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments