MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b35a393fe9754264ac83c09f80678f49ffae36390de5f14854492d6706f25adc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b35a393fe9754264ac83c09f80678f49ffae36390de5f14854492d6706f25adc
SHA3-384 hash: 5629aaffa320703304d126670df775ed810ca70e39bb74aaa3c98772b24ff65b1cb4180eb9ea00133d98bd0ba07514c5
SHA1 hash: 009407e197570b42a3aab2948daa378269f99231
MD5 hash: 018167853494b81e17e4be4c585db2f1
humanhash: golf-fruit-avocado-charlie
File name:SecuriteInfo.com.Trojan.PWS.Siggen3.24002.21433.1437
Download: download sample
File size:198'656 bytes
First seen:2022-12-01 13:29:37 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 64c1eadffab91dbab47828ec42ef51fa (1 x Khalesi, 1 x Rhadamanthys)
ssdeep 3072:Uv5ChRQUknU7TfNMXgSrayXVE9y4qQDHg2EPkoTrEsjHZvQ3hl43vpMvxGWqB2ce:dh6zU7T1DylEtDAvPJTrF5vQ37IM
Threatray 15'929 similar samples on MalwareBazaar
TLSH T17A14F16430B084B5E5DB163954B4A6B52EFD3C82077447CB2BBC20BA7EF12E955383A7
TrID 39.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.5% (.SCR) Windows screen saver (13097/50/3)
13.3% (.EXE) Win64 Executable (generic) (10523/12/4)
8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.PWS.Siggen3.24002.21433.1437
Verdict:
Malicious activity
Analysis date:
2022-12-01 13:30:08 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/fa7580b5-b782-48ae-888f-d6a345147a95

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/341121/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.24002.21433.1437.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Searching for the window
Сreating synchronization primitives
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware shell32.dll
Link:
https://www.filescan.io/uploads/6388ac5d579915b6b303d110/reports/dfff59b4-8b23-4eea-ac8b-27e1f1d87e9a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Khalesi
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/0e5be341-816d-415b-9532-e54a89aecca2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1125391
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected AntiVM3
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b35a393fe9754264ac83c09f80678f49ffae36390de5f14854492d6706f25adc/
Threat name:
Win32.Trojan.Woreflint
Create hunting rule
Status:
Malicious
First seen:
2022-12-01 11:40:28 UTC
File Type:
PE (Exe)
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wnndsp7jovbgjledycpyaz4pjh724nrzbxs7cscujewwobxslloa._file
Verdict:
malicious
Similar samples:
15940963f5cd71e4a9f686a383211663cc501ffe34ffd9582c1300af4d56b351
2c3310a45db53d2bc092521b417c9434c919dce00876b386e39a5b7cffa3c58f
2c989418ee6df1ae08f2332ca25edc3c7ace2aa9f8ef710b80857c500b4f4c01
3e45e89d63f4a3f2091d7b1f5b2c331779c735cc45581b3f0d6f293e45fc45f1
44212fc0e7338e59097d84235ef677051327e3486960b2801099ab57f51de83a
44593f2948e2800c83e9d21abb9759e206ea94385ee5c0ddc9dc6a3e4d09273d
44cb5f67a1313320c87d07074faf1c5d98fb8e7731293558b03a834d4aac6511
94e55f1981d309c200304267e75948dde7cae6a852e2539650016c28d7575900
99188f8c8ffc354e4174e7c490cb428d337faf3f0ae8a54beef70b2e67a8012a
e9d2fc84653ded9e3b6a95d30ac8c86cd7dae65319238c9810277bee34c4d5d6
+ 15'919 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
collection discovery spyware stealer
Link:
https://tria.ge/reports/221201-qrt9sacc96/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Program crash
Accesses Microsoft Outlook profiles
Checks installed software on the system
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/91ae1401-a47c-4948-a677-3442a419bc3b
Unpacked files
SH256 hash:
b35a393fe9754264ac83c09f80678f49ffae36390de5f14854492d6706f25adc
MD5 hash:
018167853494b81e17e4be4c585db2f1
SHA1 hash:
009407e197570b42a3aab2948daa378269f99231
Link:
https://www.unpac.me/results/8d94e866-bca0-4aa0-8585-3e3a084b4ad2/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/b35a393fe975/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b35a393fe9754264ac83c09f80678f49ffae36390de5f14854492d6706f25adc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b35a393fe9754264ac83c09f80678f49ffae36390de5f14854492d6706f25adc

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2440689/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/341121/

Comments