MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6ed07f377f432a0199d74988f498e24c28cbb55bdc894894733c12269550706. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 11

SHA256 hash: a6ed07f377f432a0199d74988f498e24c28cbb55bdc894894733c12269550706
SHA3-384 hash: b38e69d05d7b87d5196bff5d43f2b45b3ec3cba7f4514051daba0b14873fbc723aa3a7fc34818ca02d3cb9ffa815efa8
SHA1 hash: afb18a720fcaa461272bd9440cce471f5facc959
MD5 hash: 7dda7ccce29e80dde1dbf35916f2056e
humanhash: pennsylvania-alpha-six-oxygen
File name: SecuriteInfo.com.W32.Agent.NNJU-2136.16481.24697
File size: 608'284 bytes
First seen: 2023-12-22 16:20:32 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: deba71fcd4e68e93af678f2a5e291977
ssdeep: 12288:+R5nWFpPoSviXZVfItmaqrjxxALVmaqrjxxALaDjr:VblkYIlx/lxJD/
TLSH: T184D4BEAC75A9C66BC0194D30CC8E83A4B7E1AE554E538B0B2B58574D2C739E0DD33EA7
TrID: 34.8% (.CPL) Windows Control Panel Item (generic) (57583/11/19)
16.3% (.EXE) UPX compressed Win32 Executable (27066/9/6)
16.0% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
10.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
7.9% (.SCR) Windows screen saver (13097/50/3)
Reporter: SecuriteInfoCom
Tags: dll

Intelligence

File Origin
# of uploads: 1
# of downloads: 342
Origin country: FR
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 83%
Tags: control crypto hook keylogger lolbin overlay packed shell32 upx
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Verdict:
Malicious
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph (ID 1366320; sample SecuriteInfo.com.W32.Agent...., start date 22/12/2023, architecture WINDOWS, score 60):
Signatures: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process tree: loaddll32.exe started rundll32.exe, cmd.exe, rundll32.exe and 23 other processes; rundll32.exe started WerFault.exe; cmd.exe started rundll32.exe
Threat name:
Win32.Trojan.Generic
Status:
Malicious
First seen:
2023-12-22 16:21:06 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
10 of 23 (43.48%)
Threat level:
  2/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
upx
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Program crash
UPX packed file
Unpacked files
SHA256 hash: 8f7e7b0392ec38c6107027f3a93369d7ae868e359f36fe68d193a047f800fc34
MD5 hash: e39961a04e956c92b805a32836d50990
SHA1 hash: 502c26b955af65b20865ee0fc6ede34afe32f1b8
Detections: CN_Honker_WordpressScanner
SHA256 hash: a6ed07f377f432a0199d74988f498e24c28cbb55bdc894894733c12269550706
MD5 hash: 7dda7ccce29e80dde1dbf35916f2056e
SHA1 hash: afb18a720fcaa461272bd9440cce471f5facc959
Detections: CN_Honker_WordpressScanner
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments