MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba
SHA3-384 hash:	ca457c163c7f14585a8f2c6352d70af84f9236bc41f745e69533898a7e2eafba68040a6680793e69c7fca05def0e9784
SHA1 hash:	4104f84205aaa994996b74daa865c6c9f616238f
MD5 hash:	dce307b99a32a0005f12deed74491566
humanhash:	lactose-spring-angel-summer
File name:	SecuriteInfo.com.Win64.Malware-gen.24598.20945
Download:	download sample
File size:	13'655'552 bytes
First seen:	2023-06-30 18:44:53 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	393216:XcvPpIxXtqV3WcyDf+eADMof1P/bD1nf0qp:Xc3It2GTTXsdVMqp
Threatray	765 similar samples on MalwareBazaar
TLSH	T120D6239BB7879E36E64F01BFF425A91DCBA2D802E187F78E919D9DE02182312DC4C157
TrID	56.5% (.EXE) Win64 Executable (generic) (10523/12/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

240

Origin country :

FR

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Win64.Malware-gen.24598.20945

Verdict:

Malicious activity

Analysis date:

2023-06-30 18:49:37 UTC

Tags:

opendir

Link:

https://app.any.run/tasks/db8f86bd-c4ae-4969-8739-3e3cf0a9d2e5

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win64.Malware-gen.24598.20945.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending an HTTP GET request to an infection source

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed

Link:

https://www.filescan.io/uploads/649f22b12299d26882639f77/reports/ecb3bf99-4a5d-4826-adf1-c3a8c8153ca0/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba

Result

Verdict:

MALICIOUS

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/fdd49e58-9863-4311-a600-a8b5b3f10cfb

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1264196

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba/

Threat name:

ByteCode-MSIL.Trojan.Heracles

Status:

Malicious

First seen:

2023-06-28 22:59:27 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

3

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wl4htcmy3xqgx7nhfithui3tv3lwuzibesjrm7ipuq7jau4iwk5a._file

Verdict:

malicious

Similar samples:

1eb67b2f1f44eadcfba937fc9fa51038d7eb2a0a9ba164026c5ee848e3d99eac

24b05dea7290ca2ab8b49c9efd04492a09fc3e7d6cafba2003316c2a80155645

25e0f6235b109679e8f74f142eb8807c825d33070c7161c86b9600650559247e

5732c82b705016d7bf79058f82f45b01d18d2986fbc8454deeb2894da020a519

66ec3c9fb1339c6925fb508c17190aa7869e24b149abcedd771aa53ea9de27fa

b219506b8c5418d07c30c49b40ba373e2f21100fe529d79ff675941441b5a02f

b93b9b4b0168407f63a6c2c16a96e4a4b41d5d715bdb9f46254a214570ba1b6b

bd213bacf745262d609025230b73d653d2ef62875f28860ea1b4d1a65f5c5cca

f4d6fa18bba78d69e878956143665a8f6b489ad5fb5b292507debdc5d3db7008

fc6ddb1f7644597b84d14e3efa4cd1a1d1ad0083141b3fa2a613cd3c092f6505

+ 755 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230630-xd26ssfd2s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Unpacked files

SH256 hash:

b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba

MD5 hash:

dce307b99a32a0005f12deed74491566

SHA1 hash:

4104f84205aaa994996b74daa865c6c9f616238f

Link:

https://www.unpac.me/results/fae2f1f1-fcc5-4c35-843e-f590bed017a0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.69

Link:

https://yomi.yoroi.company/submissions/b2f8798998dde06bfda72a267a2373aed76a65012493167d0fa43e905388b2ba

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample