MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 afcaa72df7c474f27e95871ffcc814bc8233e77d029e7a0be2a7044429c328e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: afcaa72df7c474f27e95871ffcc814bc8233e77d029e7a0be2a7044429c328e7
SHA3-384 hash: 5f4b0f7576c06fe4b140a1552ab7d84dfac520dca4a223cdd8d9395d78eab644626c3450db3d4c0b6bc8bfd8fd389176
SHA1 hash: 32434a53a54249469692a1b2249059a2ce35328e
MD5 hash: 93bd8d36632062d6a0875cc86f847f55
humanhash: harry-violet-single-cardinal
File name: 93bd8d36632062d6a0875cc86f847f55.exe
File size: 1'103'296 bytes
First seen: 2024-10-17 14:55:34 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b5a014d7eeb4c2042897567e1288a095 (19 x HijackLoader, 14 x ValleyRAT, 12 x LummaStealer)
ssdeep: 24576:P2yQPC3TDASf9Dh0NtybyoNf8B6Z7vqF3CzYzKfewSiRHNZ1X:Ppz3TDASf2q8BOiF3CzYX85
TLSH: T1513512127BC0A8F8C2B5C9728F0DDB2256B3E3AA77C14F47A25A5F591DC31A1170B0DA
TrID: 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      24.6% (.EXE) Win64 Executable (generic) (10522/11/4)
      11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
      10.5% (.EXE) Win32 Executable (generic) (4504/4/1)
      4.7% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
File icon (PE): (icon image not reproduced)
dhash icon: c292ecd8f2f6fe1c (15 x HijackLoader, 11 x LummaStealer, 7 x Arechclient2)
Reporter: abuse_ch
Tags: exe
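Of the similarity hashes recorded above (imphash, ssdeep, TLSH, dhash of the icon), the imphash is the one you can recompute from nothing but the import table, and it is the pivot that ties this file to the HijackLoader, ValleyRAT and LummaStealer clusters listed next to it. The script below is an added example, not MalwareBazaar's or pefile's own code; it implements the imphash normalisation rules as pefile's get_imphash() defines them (lower-case DLL name with .dll/.ocx/.sys stripped, lower-case function name, ordinal imports mapped through a name table or rendered as ordN, tokens joined with commas in import-table order, MD5 of the result). ORDINAL_NAMES is a deliberately partial table; SAMPLE_IMPORTS is a constructed input taken from the BLint import list further down this page plus one hypothetical WS2_32 ordinal import, so it does not reproduce the entry's recorded value b5a014d7eeb4c2042897567e1288a095 (the page shows only a subset of the import table).

```python
import hashlib

# Partial ordinal-to-name tables for the two DLLs commonly imported by ordinal
# (assumption: only a handful of well-known entries are reproduced here; pefile
# ships complete tables). Unknown ordinals fall back to "ordN", as pefile does.
ORDINAL_NAMES = {
    "ws2_32": {1: "accept", 2: "bind", 3: "closesocket", 4: "connect",
               16: "recv", 19: "send", 23: "socket", 52: "gethostbyname",
               115: "WSAStartup", 116: "WSACleanup"},
    "oleaut32": {2: "SysAllocString", 6: "SysFreeString", 8: "VariantInit"},
}
STRIP_EXTENSIONS = ("dll", "ocx", "sys")


def normalize_import(dll, func, ordinal=None):
    """Build the 'dll.func' token the imphash algorithm feeds into MD5.

    The DLL name is lower-cased and a trailing .dll/.ocx/.sys is dropped; the
    function name is lower-cased; an import by ordinal (func is None) is
    mapped through ORDINAL_NAMES or rendered as ordN.
    """
    lib = dll.lower()
    base, dot, ext = lib.rpartition(".")
    if dot and ext in STRIP_EXTENSIONS:
        lib = base
    if func is None:
        if ordinal is None:
            raise ValueError("an import needs either a name or an ordinal")
        func = ORDINAL_NAMES.get(lib, {}).get(ordinal, "ord%d" % ordinal)
    return "%s.%s" % (lib, func.lower())


def import_string(imports):
    """Comma-joined token list, in import-table order."""
    return ",".join(normalize_import(d, f, o) for d, f, o in imports)


def imphash(imports):
    """MD5 of the joined token list. Order is part of the hash: two binaries
    that import the same functions in a different order get different
    imphashes, which is why the value clusters by toolchain and build
    pipeline rather than by bare capability set."""
    return hashlib.md5(import_string(imports).encode()).hexdigest()


# Constructed sample input: the imports BLint lists for this entry, in the
# order shown on the page, plus one hypothetical ordinal import (WS2_32 #115)
# to exercise the ordinal path. This is a subset of the real import table, so
# the resulting hash is NOT the entry's recorded imphash.
SAMPLE_IMPORTS = [
    ("ole32.dll", "CoCreateInstance", None),
    ("ole32.dll", "CreateStreamOnHGlobal", None),
    ("SHELL32.dll", "ShellExecuteExW", None),
    ("SHELL32.dll", "ShellExecuteW", None),
    ("SHELL32.dll", "SHGetFileInfoW", None),
    ("KERNEL32.dll", "CloseHandle", None),
    ("KERNEL32.dll", "CreateThread", None),
    ("KERNEL32.dll", "LoadLibraryA", None),
    ("KERNEL32.dll", "CreateFileW", None),
    ("USER32.dll", "CreateWindowExW", None),
    ("WS2_32.dll", None, 115),   # hypothetical ordinal import -> ws2_32.wsastartup
]

if __name__ == "__main__":
    print(import_string(SAMPLE_IMPORTS))
    print("imphash:", imphash(SAMPLE_IMPORTS))
```

To check a downloaded copy of this sample against the recorded value, feed the real import table (for example pefile's DIRECTORY_ENTRY_IMPORT, in order) into imphash() and compare with b5a014d7eeb4c2042897567e1288a095; a mismatch after unpacking is expected, since the packer's stub, not the payload, is what was hashed here.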

Intelligence


File Origin
# of uploads: 1
# of downloads: 394
Origin country: NL
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 93bd8d36632062d6a0875cc86f847f55.exe
Verdict: No threats detected
Analysis date: 2024-10-17 15:19:31 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Clean
Score: 89.3%
Tags: injection dropper exploit

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: epmicrosoft_visual_cc fingerprint installer lolbin microsoft_visual_cc overlay packed shell32

Verdict: MALICIOUS

Threat name: n/a
Detection: suspicious
Classification: evad
Score: 25 / 100
Signature: Uses Windows timers to delay execution
Behaviour: Behavior Graph (not reproduced)

Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour: System Location Discovery: System Language Discovery

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files:
  SHA256 hash: afcaa72df7c474f27e95871ffcc814bc8233e77d029e7a0be2a7044429c328e7
  MD5 hash: 93bd8d36632062d6a0875cc86f847f55
  SHA1 hash: 32434a53a54249469692a1b2249059a2ce35328e

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Executable exe afcaa72df7c474f27e95871ffcc814bc8233e77d029e7a0be2a7044429c328e7 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                  Title                                                     Severity
CHECK_AUTHENTICODE  Missing Authenticode                                      high
CHECK_NX            Missing Non-Executable Memory Protection                  critical
CHECK_PIE           Missing Position-Independent Executable (PIE) Protection  high
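On a PE these three findings are header facts: "non-executable memory" is the NX_COMPAT bit and "PIE" is the DYNAMIC_BASE (ASLR) bit in the optional header's DllCharacteristics field, and "Authenticode" is whether the security data directory points at a signature blob. The script below is an added example, not BLint's code; it reads those fields directly from the raw header bytes with no third-party parser, maps them onto the three finding IDs and severities shown in the table above, and exercises the logic on two constructed headers (one reproducing the gaps reported for this sample, one hardened). build_header() and the placeholder signature offset it writes are assumptions for testing only; the headers it produces are not loadable and are not this sample's bytes.

```python
import struct

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits (winnt.h)
HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR with high-entropy addresses
DYNAMIC_BASE    = 0x0040   # image may be relocated at load (ASLR); "PIE" on PE
NX_COMPAT       = 0x0100   # DEP/NX compatible
GUARD_CF        = 0x4000   # Control Flow Guard
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
SECURITY_DIR = 4           # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob


def pe_security_properties(data):
    """Read the hardening flags straight out of a PE header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    opt = e_lfanew + 4 + 20              # optional header follows the 20-byte COFF header
    magic, = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        dd_off = opt + 96                # data directories start here in PE32
    elif magic == PE32PLUS_MAGIC:
        dd_off = opt + 112               # 8-byte ImageBase/stack/heap fields push them out in PE32+
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars, = struct.unpack_from("<H", data, opt + 70)   # same offset in both formats
    n_dirs, = struct.unpack_from("<I", data, dd_off - 4)    # NumberOfRvaAndSizes
    sec_off = sec_size = 0
    if n_dirs > SECURITY_DIR:
        # For the security directory the first field is a raw file offset, not an RVA.
        sec_off, sec_size = struct.unpack_from("<II", data, dd_off + 8 * SECURITY_DIR)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "nx": bool(dll_chars & NX_COMPAT),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "cfg": bool(dll_chars & GUARD_CF),
        "authenticode": sec_off != 0 and sec_size != 0,
    }


def findings(data):
    """Map the properties onto the three finding IDs and severities from this page.
    A present security directory only means a signature blob exists; whether it
    verifies, and whether the signer is trusted, needs a real signature check."""
    p = pe_security_properties(data)
    out = []
    if not p["authenticode"]:
        out.append(("CHECK_AUTHENTICODE", "high"))
    if not p["nx"]:
        out.append(("CHECK_NX", "critical"))
    if not p["aslr"]:
        out.append(("CHECK_PIE", "high"))
    return out


def build_header(dll_chars, signed, pe32plus=True):
    """Construct a minimal, non-loadable PE header (DOS stub + COFF + optional
    header, no sections) so the checks above can be exercised offline.
    Assumption: the signature offset/size written for signed=True are dummies."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 64
    opt_size = 240 if pe32plus else 224                      # includes 16 data directories
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_chars)
    dd_off = 112 if pe32plus else 96
    struct.pack_into("<I", opt, dd_off - 4, 16)              # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, dd_off + 8 * SECURITY_DIR, 0x1000, 0x2000)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed headers: one with the same three gaps BLint reports for this
# sample, one hardened the way a current MSVC link would produce.
UNPROTECTED = build_header(0, signed=False)
HARDENED = build_header(NX_COMPAT | DYNAMIC_BASE | HIGH_ENTROPY_VA | GUARD_CF, signed=True)

if __name__ == "__main__":
    for name, hdr in (("unprotected", UNPROTECTED), ("hardened", HARDENED)):
        print(name, pe_security_properties(hdr), findings(hdr))
```

Run it against a real file with pe_security_properties(open(path, "rb").read()). Note the asymmetry in how to read the results: a missing NX or DYNAMIC_BASE bit on a 2024 build is itself a weak packer/toolchain signal worth pivoting on, whereas a present Authenticode blob proves nothing until the signature is verified.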
Reviews

ID                 Capabilities                       Evidence
COM_BASE_API       Can Download & Execute components  ole32.dll::CoCreateInstance
                                                      ole32.dll::CreateStreamOnHGlobal
SHELL_API          Manipulates System Shell           SHELL32.dll::ShellExecuteExW
                                                      SHELL32.dll::ShellExecuteW
                                                      SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_API  Can Create Process and Threads     KERNEL32.dll::CloseHandle
                                                      KERNEL32.dll::CreateThread
WIN_BASE_API       Uses Win Base API                  KERNEL32.dll::LoadLibraryA
                                                      KERNEL32.dll::GetDriveTypeW
                                                      KERNEL32.dll::GetStartupInfoA
                                                      KERNEL32.dll::GetDiskFreeSpaceExW
                                                      KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_API    Can Create Files                   KERNEL32.dll::CreateDirectoryW
                                                      KERNEL32.dll::CreateFileW
                                                      KERNEL32.dll::DeleteFileW
                                                      KERNEL32.dll::GetSystemDirectoryW
                                                      KERNEL32.dll::GetFileAttributesW
                                                      KERNEL32.dll::FindFirstFileW
WIN_USER_API       Performs GUI Actions               USER32.dll::CreateWindowExW
