MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b90b4c71b08339b3ee8faaae122ace0272e360ad6c0147d9e902c0b5bd9b3f57. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b90b4c71b08339b3ee8faaae122ace0272e360ad6c0147d9e902c0b5bd9b3f57
SHA3-384 hash: 0384cfed4caed5964cb9314a83bbf1d8119854e8a3ca75864357051065dc2e1d9a8e8f88c593eb86a5f12d3a4cee29c5
SHA1 hash: 6e6b9aa626f761d06d13192b05191259afafba37
MD5 hash: 61dbe6134e97a2910bb7b2a1e04a5de5
humanhash: early-monkey-pip-spaghetti
File name:SecuriteInfo.com.MSIL.Agent.LYU.tr.31851.15300
Download: download sample
File size:115'712 bytes
First seen:2022-12-08 01:29:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:oxloGiI9Y7DXcGiIzXGVYB6Ju15gVA6F2DU:orNDa7zcGi8
TLSH T1ADB3B5B267A204E7D64D6B7E0655FB7D04B96F85FC8A83073B887A0C8D3AF214E54C25
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon fcdef9e9e9f99ffe (1 x CoinMiner)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/344167/
Detection(s):
SecuriteInfo.com.MSIL.Agent.LYU.tr.31851.15300.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Sending an HTTP GET request to an infection source
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/63913e1d527933be940d5607/reports/f0ae5cae-f051-4a74-abe1-fcec638cc07f/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Quasar RAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/d59470f4-ff6d-45eb-af25-df4d4e09930c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1130399
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Encrypted powershell cmdline option found
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b90b4c71b08339b3ee8faaae122ace0272e360ad6c0147d9e902c0b5bd9b3f57/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2022-12-08 01:30:23 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
12
AV detection:
16 of 26 (61.54%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xefuy4nqqm43h3upvkxbekwoajzogyfnnqaupwpjalallpm3h5lq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/221208-bwvc1sgf86/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0e3305f5-6437-41f1-9140-3cf53e47e3d3
Unpacked files
SH256 hash:
b90b4c71b08339b3ee8faaae122ace0272e360ad6c0147d9e902c0b5bd9b3f57
MD5 hash:
61dbe6134e97a2910bb7b2a1e04a5de5
SHA1 hash:
6e6b9aa626f761d06d13192b05191259afafba37
Link:
https://www.unpac.me/results/d1f08dff-1f9f-4b62-bc00-41e4d3e7f16f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.60
Link:
https://yomi.yoroi.company/submissions/b90b4c71b08339b3ee8faaae122ace0272e360ad6c0147d9e902c0b5bd9b3f57

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b90b4c71b08339b3ee8faaae122ace0272e360ad6c0147d9e902c0b5bd9b3f57

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2450781/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/344167/

Comments