MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SVCReady


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef
SHA3-384 hash: d5d4ff8247adc628baaf66d63365e8ffe4613c5f55b0abf650652d2adc2d3183df301016e95346c3622628715ad4b365
SHA1 hash: dee9d64a327a559017fcc083874b3ea7851eaa86
MD5 hash: 6afec903bc7ec0aa4529eb53e0b42ca6
humanhash: nitrogen-lithium-april-montana
File name:62f232bfd829f.dll
Download: download sample
Signature SVCReady
Create hunting rule
File size:1'258'496 bytes
First seen:2022-08-09 10:18:38 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash fed72cde2966a01f5f7dd73206e411f6 (1 x SVCReady)
ssdeep 24576:MPHDqYnwcmIDKe8/Ff59rt40J+iTyaUkSAhlHJbsRVX:
Threatray 131 similar samples on MalwareBazaar
TLSH T10945BFB876047DD6A66F567BDA96ECDC03B627338A8BA4CD90647BC30563371FE02805
TrID 38.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
26.3% (.EXE) Win32 Executable (generic) (4505/5/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.6% (.EXE) Generic Win/DOS Executable (2002/3)
11.6% (.EXE) DOS Executable Generic (2000/1)
Reporter JAMESWT_WT
Tags:agenziaentrate agenziariscossione dll SVCReady

Intelligence

File Origin
# of uploads :
1
# of downloads :
328
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/297286/
Detection(s):
SecuriteInfo.com.Trojan.Win32.Sabsik.FL.Bml.16856.17612.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/62f234e7e4e65a67c498ba7f/reports/59d26c7b-bc8a-487b-90a2-d4b6ad85b0c9/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/58a43b19-4114-44cb-a2f1-00c8b6fc85ef
Result
Threat name:
ReflectiveLoader, SVCReady
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/1048417
Signature
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Tries to delay execution (extensive OutputDebugStringW loop)
Yara detected ReflectiveLoader
Yara detected SVCReady Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef/
Threat name:
Win32.Trojan.Svcready
Create hunting rule
Status:
Malicious
First seen:
2022-08-09 10:19:09 UTC
File Type:
PE (Dll)
AV detection:
19 of 26 (73.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wyzcv4duty3b7dxlm4pcoylqkhb7hp64i2ekumc4eucqn3ae57xq._file
Verdict:
malicious
Similar samples:
18fdbfe5b3780b79f3dd10ab65b0c08ecaa3eab6536055513c6507a27e37a89e
SVCReady
2956779991070281c8dba226d96849ce5272818d38f96d29a7832e894b220ea4
SVCReady
41148bd3c83c0e9334cb8c54aee40a157314fa2f43ff82c780a661fb656675a1
SVCReady
5feb8b2988d631bca34004c8ba13f043f585150b9cd83aad3a8e8c4839eb6a0b
SVCReady
a9f95fd06a5444a4c5d0d4c553a81a4f5f421aea9e07f2bb6b270183f19b7a49
SVCReady
f343fba9c1a8b5f43e74f9ed3ca9d495f431aefcc0ff2bbaa5c97efce34f82d8
SVCReady
+ 121 additional samples on MalwareBazaar
Result
Malware family:
svcready
Create hunting rule
Score:
  10/10
Tags:
family:svcready loader
Link:
https://tria.ge/reports/220809-mchqnagger/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Detects SVCReady loader
SVCReady
Unpacked files
SH256 hash:
b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef
MD5 hash:
6afec903bc7ec0aa4529eb53e0b42ca6
SHA1 hash:
dee9d64a327a559017fcc083874b3ea7851eaa86
Link:
https://www.unpac.me/results/df96fc4c-e75d-4c2f-818e-fbea61db1bac/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/b6322af0749e361f8eeb671e27617051c3f3bfdc4688aa305c250506ec04efef

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:crime_win32_svcready_loader_unpacked
Create hunting rule
Author:Rony (@r0ny_123)
Rule name:simp_dll_svcready
Create hunting rule
Author:@stoerchl
Description:SVCReadyLoader DLL
Rule name:svcready_bin
Create hunting rule
Author:James_inthe_box
Description:SVCReady
Reference:f690f484c1883571a8bbf19313025a1264d3e10f570380f7aca3cc92135e1d2e
Rule name:SVCReady_Packed
Create hunting rule
Author:Andre Gironda
Description:packed SVCReady / win.svcready
Rule name:win_svcready_w0
Create hunting rule
Author:@AndreGironda
Description:packed SVCReady / win.svcready

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/297286/

Comments