MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adc9ec34895fb2defc94cb2d1a5b1749839cca6b995abf50322724edc219d186. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: adc9ec34895fb2defc94cb2d1a5b1749839cca6b995abf50322724edc219d186
SHA3-384 hash: c2cb19a59b9fd9955443f2e3b3a7415dc36ef46c49c4a23744e95a37da21d6a926c58231a9ad16c6d45b10f6e0416deb
SHA1 hash: d1de140c2eceece8d4cfdb2c22d4d8a9baaa34e2
MD5 hash: d2ab22a8d48343437005035f096660bd
humanhash: apart-monkey-montana-friend
File name:SecuriteInfo.com.Trojan.Generic.2618128.17955.17247
Download: download sample
File size:103'300 bytes
First seen:2023-04-29 17:27:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:sO306E9yz+fwTwPh8oOxgm5nSQP9V09yM8g:smtMW+fwTwOlganPv09jf
Threatray 4 similar samples on MalwareBazaar
TLSH T15AA3126823963902E3D0B4319F5FB8C664EDA23DF5DD0E631FF665525F80291E22A09F
File icon (PE):PE icon
dhash icon cc93b2ccccb23dcc
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
231
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Generic.2618128.17955.17247
Verdict:
No threats detected
Analysis date:
2023-04-29 17:36:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/be1ffda4-cccc-4391-84f1-c48bbaa90c06

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/385654/
Detection(s):
PUA.Win.Packer.Upack-29
Create hunting rule

PUA.Win.Packer.Upack-12
Create hunting rule

PUA.Win.Packer.UPack-3
Create hunting rule

PUA.Win.Packer.Upack-37
Create hunting rule

PUA.Win.Packer.Upack-21
Create hunting rule

PUA.Win.Packer.Upack-48
Create hunting rule

PUA.Win.Packer.Upack39-1
Create hunting rule

PUA.Win.Packer.Upack-11
Create hunting rule

SecuriteInfo.com.Trojan.Generic.2618128.17955.17247.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.W32.Tibs.P.gen.Eldorado.11125.1568.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Сreating synchronization primitives
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/644d53a43d47a64d306b5a22/reports/ed3e9adb-5cae-4eb5-a840-355090e31bf1/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/adc9ec34895fb2defc94cb2d1a5b1749839cca6b995abf50322724edc219d186
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/23283ccb-523c-4344-b49b-09dbaf281042
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1223495
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Uses Windows timers to delay execution
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/adc9ec34895fb2defc94cb2d1a5b1749839cca6b995abf50322724edc219d186/
Threat name:
Win32.Infostealer.Prast
Create hunting rule
Status:
Malicious
First seen:
2011-07-09 12:58:00 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
24 of 37 (64.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vxe6ynejl6zn57euzmwruwyxjgbzzstltfnl6ubse4so3qqz2gda._file
Verdict:
unknown
Similar samples:
33c6038b4b571e511ae48b960a9ed78a2e18fc54ee9f956c93d1bade55e04e8b
484051fcf1d7f8de7084c7419cf49f65b85ab16642093d5c4249002e9e31a00c
b1e3da936d666cf9d671dd8f79e54afc8f524bccaca77e835bf611ec3038211c
f8ffa7ba17306839ea6e2c40602c3ca5b459b8975f33580e5442af99f374fe1a
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230429-v1zm3sde2v/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
adc9ec34895fb2defc94cb2d1a5b1749839cca6b995abf50322724edc219d186
MD5 hash:
d2ab22a8d48343437005035f096660bd
SHA1 hash:
d1de140c2eceece8d4cfdb2c22d4d8a9baaa34e2
Link:
https://www.unpac.me/results/dd2237dc-4e48-434e-9fd9-44d580e992ed/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/adc9ec34895fb2defc94cb2d1a5b1749839cca6b995abf50322724edc219d186

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_Imphash_Mar23_3
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/385654/

Comments