MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3
SHA3-384 hash: 54b3734ab26aee38f22664e137638707c4054fb0e3ee232b7ca714374314f6bcce7686e0d09d2b1161e68c70899c8a22
SHA1 hash: c04d80b8e764a6b9e507506961611b49e6b96399
MD5 hash: 12a85fcd6ec9c946ef0b0ae4f22ea5db
humanhash: harry-nuts-burger-triple
File name:12a85fcd6ec9c946ef0b0ae4f22ea5db.exe
Download: download sample
File size:553'472 bytes
First seen:2023-07-25 18:30:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:N0MxW0RIYq97twXvy2eeGsnN4bf+RYKL20PrfewoIxzNm7PHv:aMZC7t0KdeGsneCL20DBZg/v
Threatray 12 similar samples on MalwareBazaar
TLSH T125C4DE2724863555D841DCBBEF10C2FDDAEB5EB725E2B916C00AC907E23B96CDB04279
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:85-217-144-143 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
265
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
12a85fcd6ec9c946ef0b0ae4f22ea5db.exe
Verdict:
Malicious activity
Analysis date:
2023-07-25 18:34:35 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/bbac41a4-24eb-488d-8bb9-9685f584fea4

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/433090/
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.1838.19409.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c68a2656-9dd4-4cf7-91df-1c253ca05ed9
Result
Threat name:
n/a
Detection:
malicious
Classification:
expl.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1279455
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sample uses string decryption to hide its real strings
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected AntiVM3
Yara detected Costura Assembly Loader
Yara detected UAC Bypass using CMSTP
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-07-25 05:07:50 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
2
AV detection:
12 of 38 (31.58%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vfksorejduzwfzh7fvpx242prdal3m4ofj4swjejwrhqoecxcdbq._file
Verdict:
unknown
Similar samples:
24e365e6ec99a774571ec4d93960c3896bbb987f43badd26406de8faa79b7211
2b8cd7175430c7efadb5156b883b63cbbd179579ee58dccb27efc68c22cdc819
4c93aab05c2fab29246d01a12e0fcd1f7f72d1c4562a42c794cc2526b82b83ef
67349de16fcd49c2df92647f3c27f5ef96506676261409e37da49c6ac5238435
7ceb921307e2d82675bc2ce3a077b6bc2ebb1cd814d970f4b5aeb59268618605
8101d65f0f12946bd742b2b7513075ea485e3134258032252bef1938ac3cd3cd
97998689dcca7f8fac116a458168c2e7575f6442ef68e4729543799d07ccd849
a2d2a62835ec13260cc35eb5773e32b5205adf74c8dac852e614f6034c634309
b958a7545a164e5dc51389b078ed83e0fa5439d78cd8053b78f2dd70d67e7a58
f5c8ba20e455c2932d230c67583a09ddf63cc0b65e3c1cd3b0382eca083c9ee5
+ 2 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230725-w525fafb32/
Unpacked files
SH256 hash:
a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3
MD5 hash:
12a85fcd6ec9c946ef0b0ae4f22ea5db
SHA1 hash:
c04d80b8e764a6b9e507506961611b49e6b96399
Link:
https://www.unpac.me/results/55eb787b-9a5e-4005-ac4f-4e92d8dbbee9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.95
Link:
https://yomi.yoroi.company/submissions/a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a9552744891d3362e4ff2d5f7d734f88c0bdb38e2a792b2489b44f07105710c3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2681797/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/433090/

Comments