MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ac7aeddf0e7b4137ee9a732987f67ab279f89b7eb10a7ce7f563a094621e89f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: ac7aeddf0e7b4137ee9a732987f67ab279f89b7eb10a7ce7f563a094621e89f7
SHA3-384 hash: 88e815a52a953594c592597aca56331c304d25c835e8d39e08f16920f73bb0078f8192558993973ea886f2e9dfa4468c
SHA1 hash: d3e52de4fed0657d8d17dc6bb07d62adb6b21fc8
MD5 hash: 87481f1ccfb4b63c08b5315f423afd9f
humanhash: uniform-nebraska-fillet-nuts
File name: SecuriteInfo.com.Trojan.MulDrop24.53621.28917.190
File size: 2'650'032 bytes
First seen: 2024-01-24 21:29:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep: 49152:sIL4IVvtNrZHws533HI30/iPI4WsM4MUkW813UcP:s1IVvzZHXHovWyM9WsEcP
TLSH: T1EFC5231276D18972D422253366689F21F07EBC301F74CAEB43A4695DDE221D1E633BBB
TrID:
  89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
  3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: Bitsum LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-02-07T00:00:00Z
Valid to: 2025-03-08T23:59:59Z
Serial number: 0b494d7df02097107b9065025133fe92
Intelligence: 27 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: b309179e6516e33d374264683b0751db5f23b09e625ff0b6a4163df28051d08c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin

Number of uploads: 1
Number of downloads: 496
Origin country: FR
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Searching for the window
  Creating synchronization primitives
  Searching for synchronization primitives
  Creating a file
  Creating a process from a recently created file
  Enabling autorun by creating a file

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 15 / 100
Behaviour graph: n/a
Verdict: unknown

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour:
  Checks processor information in registry
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Enumerates physical storage devices
  Executes dropped EXE
  Loads dropped DLL
  Checks computer location settings
Unpacked files

SHA256 hash: f9585082faca465b7dea55b9d75997a1cdee8cd2ce00400f10de8935ff7cf5b2
MD5 hash: 2e5dd061129439d8fd40e7446327c44e
SHA1 hash: cd22a6001c733f406093c23bb0eda72efb242f20

SHA256 hash: f5a05ab62cae8cea5a08acacd85a94102c14ca9003dec224ddbde658d39fc04c
MD5 hash: 5e9f956bef8a8391a563b19d82b7eede
SHA1 hash: 8b7496869805fab27ae9a7cf0dcfaad0cd399013

SHA256 hash: f3cb8a057df4b0838005f30eb226a5d1e3fbe0718828a862fef679e635d7aaeb
MD5 hash: 93d8fd8c8b9a66e53783afca8b2b8c00
SHA1 hash: 5c20810c1695dfe1eb5f59f4d6e1f3c57fabff23

SHA256 hash: cbb4c10e56dc2395525e54a64ad0bb81fc1db187a8366c4c97c574c4d13e4192
MD5 hash: 1ea3f3cfc037acc7f6533ed7c05f9a7e
SHA1 hash: 75108989e61ed55f187c6308c693532814bba834

SHA256 hash: bcddfd7b3909f6134ae90b4462d0372a5d4b565197fd46dd1b9610958c5cd51b
MD5 hash: 1c13eaa66c50776d811e66252bcfc16f
SHA1 hash: f57459f159fd5f02acd10fa89b2ddf51f9e54647

SHA256 hash: b7b3b347af6ec4bb4a0a6d3eb25a3cb30707c5865efcab772b481950f5e7afc2
MD5 hash: 605c1e3bcd9ff11949d82978b79fc156
SHA1 hash: 25f5c5605b6a61a01efb3050ac1311d9b2ef63a0

SHA256 hash: a4ba699a2e779113d43e2670a65ef3576177729cc2c8e135dd8f1f078fe673a4
MD5 hash: ae5ebfc8dfa940c8dd62a6a0316b5906
SHA1 hash: 147255797481dcf3b942c80c3d442d03794fed61

SHA256 hash: 79e7387cd075d6c79cf0fb669137b495e9840ac0e46fd23b647f283c08d9b005
MD5 hash: 3111491ab58cf06be0a2257b0d017b30
SHA1 hash: bfa538ad740ab1ff699f52e53b59f624c4f91127

SHA256 hash: 780e6d72c3a6413bae589b4995a61e9aa46f6c7351afc4ccbaecf8ce966f400e
MD5 hash: e24c30f42738192f36ebf4ceda029886
SHA1 hash: 96e62bcf9121b755870244bb3916babb86640824

SHA256 hash: 6fb8348572973087c22a45d28fbed1606a0bf992986bd664f3b94d1e91137644
MD5 hash: 398810909cc95361ca07163141001145
SHA1 hash: cf479b9102a93b10864628468f9ddd12e52843c6

SHA256 hash: 66290eaf8f681739afb758612d6389d1654ad01c48c37901a24ab24d0a61a05e
MD5 hash: 35fa15e6b9d9bf10a8076d7df71c96f2
SHA1 hash: b9ab1e1cb82cfc92b5b4f026b7ce810e7a20a91d

SHA256 hash: 5c49fa774ad9ba10ba6eca1f70576e39379efef25031ba04660e429f1b7be25c
MD5 hash: 97ff208095f366b14847f23293d4943f
SHA1 hash: 4a93319b3edd4924843c7977b3ee4da16a809e6d

SHA256 hash: 51f8d2ad00c96401736816a76c0afc6efa5f79e69bc90dae309ae11bc37170ea
MD5 hash: d1949218414959eae154b6d8a73b058d
SHA1 hash: 492b971199efcf90a243a30c844b3c5ab390433b

SHA256 hash: 4ca3fa24f1d6ffd19ed9946d3c8021e9b8a30ca66612909108a5a5dae923135e
MD5 hash: 432e9eb304f41fce4cb768c80e02d297
SHA1 hash: 16d56677eaa78f374ec35c0fec503aea473bb571

SHA256 hash: 4308f0d232f5f53d21b98c5cdc0034e618723e9ee319460063c0e44e8fef545c
MD5 hash: 11fd635e4e4f3112f365f97223c88b96
SHA1 hash: e65ac0db016af90564271332a58d6f92d29a41bb

SHA256 hash: 28062728cae23e1ca8a1fa2bc9766e22fd76401206029cd18495eea1f7ca8291
MD5 hash: 96f2aca7a6c04b2cf448fb4026f931dc
SHA1 hash: 116638717747d03534e7450ec4752dd0b40db23c

SHA256 hash: 098ecb37e1dce1b11143f17d3f8460adfce4b0bfa9b4de407bfa050e06723254
MD5 hash: fbd276278768e8c250cf5660a1a75410
SHA1 hash: 7bee593bd5bc65d7220d6a6412bf914dfa596cec

SHA256 hash: ac7aeddf0e7b4137ee9a732987f67ab279f89b7eb10a7ce7f563a094621e89f7
MD5 hash: 87481f1ccfb4b63c08b5315f423afd9f
SHA1 hash: d3e52de4fed0657d8d17dc6bb07d62adb6b21fc8
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments