MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

PureCrypter

Vendor detections: 8

Intelligence 8 IOCs YARA 1 File information Comments

SHA256 hash:	ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f
SHA3-384 hash:	e41c699df43ffb0befde7223086819f4d96d31b3cbd7f6a4813a2dfeca51c998e444bb056f9116b241711e768033d4ae
SHA1 hash:	62668cbf834b07a50f0b0902673d2603478e18af
MD5 hash:	e145132f66c1fe937d3f8a5fc22b0a40
humanhash:	minnesota-kilo-network-october
File name:	e145132f66c1fe937d3f8a5fc22b0a40.exe
Download:	download sample
Signature	PureCrypter Create hunting rule
File size:	23'040 bytes
First seen:	2022-09-19 08:23:25 UTC
Last seen:	2022-09-19 10:03:34 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	384:/AiFLNiQFMThK0G3Tohd3Id/mfLhk0fhmnkC1rK+nx2c908k5SG2vHJ:BFLcoIh5GCVjTB4nkGOBr8i0p
Threatray	2'117 similar samples on MalwareBazaar
TLSH	T19EA2F761724CEA51C9ADCF79C493D7900FA2E961D561CABB3AD0334E2D2239EFC21346
TrID	63.5% (.EXE) Win64 Executable (generic) (10523/12/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):
dhash icon	d292b0b2da36bcbe (11 x AsyncRAT, 7 x Metasploit, 6 x CoinMiner)
Reporter	abuse_ch
Tags:	exe purecrypter

Intelligence

File Origin

# of uploads :

# of downloads :

306

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

e145132f66c1fe937d3f8a5fc22b0a40.exe

Verdict:

No threats detected

Analysis date:

2022-09-19 08:27:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8dcfa340-2853-4c81-aeaa-4e97ee7c2b76

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/311257/

Detection(s):

SecuriteInfo.com.MSIL.Agent.LXR.tr.2137.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Sending an HTTP GET request

Launching a process

Creating a process with a hidden window

Sending a custom TCP request

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6328273a18e6e2d239dfb3e4/reports/b5352789-f26f-45b0-82d4-1ca6b6ee79ec/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Formbook

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/2049e7bc-ddff-44c6-8d27-de421c86404d

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1072799

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Encrypted powershell cmdline option found

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f/

Threat name:

ByteCode-MSIL.Trojan.Injuke

Status:

Malicious

First seen:

2022-09-19 08:24:10 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xj7li2p6tq44t3lcorjkvefhiuznqjdoje7bwvnt6pv4a6oula7q._file

Verdict:

malicious

Label(s):

asyncrat

PureCrypter

15e2f966937440c34a383f8a2df6fa8b380fbc858b7560e3129f563296e17fbb

PureCrypter

1628c7c85f687216c70bd768b4023e13693dfad1aef819de70d54cd82d39fe3a

PureCrypter

378e955a6f493ef2b46ed3532845e352a51109867b12db4b561b64c301fb3166

PureCrypter

3d538725fd27edb771e7e5c07a11508d7363dc6f0bdb438240bd34eae746aeed

PureCrypter

3fba4c2bac1363433553b57b389916f759be99e350e8003bf3d2a5584ebe5f46

PureCrypter

c6dd3230844ddd812a8db028769fcaa7b87cd08535acb9c7c843455335a81c86

PureCrypter

ce64e9ecb6eafed95cc5fbe2b1f7eb84046a6f9cf93c344724fe7052b97a67eb

PureCrypter

+ 2'107 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/220919-kaq8xacbgr/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in System32 directory

Suspicious use of SetThreadContext

Checks computer location settings

Loads dropped DLL

Executes dropped EXE

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/073233f6-0bbb-47ad-aa37-ee3bff9c7807

Unpacked files

SH256 hash:

ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f

MD5 hash:

e145132f66c1fe937d3f8a5fc22b0a40

SHA1 hash:

62668cbf834b07a50f0b0902673d2603478e18af

Link:

https://www.unpac.me/results/15bc9c46-7d91-4f5e-8427-eac86bd7d463/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/ba7eb469fe9c/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.44

Link:

https://yomi.yoroi.company/submissions/ba7eb469fe9c39c9ed627452aa90a74532d8246e493e1b55b3f3ebc079d4583f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.