MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA 5 File information Comments

SHA256 hash:	c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848
SHA3-384 hash:	c79ad10f47dbeda72175191c384f3e5e053f03d815bf9b92966a67d13a164bebfb1578ab40fae69112e6be38807ae560
SHA1 hash:	1dce1c81502716e6ae1d656d5c9f83e1cefb06e4
MD5 hash:	81a117520fc8830ca53f76a687533f2c
humanhash:	dakota-johnny-lake-red
File name:	SecuriteInfo.com.Trojan.0057fd391.23548.4449
Download:	download sample
File size:	808'057 bytes
First seen:	2023-04-02 15:45:54 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	deba71fcd4e68e93af678f2a5e291977
ssdeep	6144:2FwT7boSP1pSA8XaMYhtJum8mAOjeYFXXd:9/boSPiXihtJuYX
Threatray	30 similar samples on MalwareBazaar
TLSH	T11C054A01BDD1C826C4751638C89787F55662AC61DEB08E177ACC3F9E3FB23886A72B15
TrID	22.9% (.EXE) UPX compressed Win32 Executable (27066/9/6) 22.5% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4) 14.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 11.0% (.SCR) Windows screen saver (13097/50/3) 8.9% (.EXE) Win64 Executable (generic) (10523/12/4)
Reporter	SecuriteInfoCom
Tags:	dll

Intelligence

File Origin

# of uploads :

# of downloads :

234

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/379373/

Detection(s):

PUA.Win.Packer.Upx-45

SecuriteInfo.com.Trojan.0057fd391.23548.4449.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a custom TCP request

Verdict:

Suspicious

Threat level:

5/10

Confidence:

83%

Tags:

explorer.exe greyware overlay packed shell32.dll

Link:

https://www.filescan.io/uploads/6429a3505a075383fbff175c/reports/c0b27918-ce44-4599-b313-319b47500898/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/6a46093c-ddea-4c6f-8656-e9f8bb71c20a

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1206618

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yxjewsrbwxhgh2uhkj3y4nyft6p5b5gxhc3wb5wahmvzal3h7bea._file

Verdict:

unknown

45982d6a7674a3ff4d2f28e95963d74729e0cb3059c08ef2e4c235182bf4591d

485a5454645f5d90d1b3097336b08dcaa9d4b49db9738a2f953e81081002600d

638d840d131eda4e2af96e320cebb35c9b3c660c94faa8f74d239daa1e2d3810

6ce171619dd97a51a8d5e6a4eaeea86f4fea6ed400c9e0a879b690b4fbd0a6b4

7c251123eb36d87a056ea6f68a795ba35595090e4f46b3e38e04a52bb9851cd2

837b440949fc77add8605b039270d7c479f63b8d1e0e8a45c8da16d20858ba0f

8e6ab3fa1fd0a8bcef6b042cd9f0120847180ec1e57b10c28336ace670470e22

94b85015bb3beb57e1810aec53712b8158fa10e3a970b0ee65484be34b3073cd

+ 20 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

upx

Link:

https://tria.ge/reports/230402-s7rjyahb25/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Program crash

UPX packed file

Unpacked files

SH256 hash:

bfd3230255c45706a418293d601955bdb443f6f5fe2f77996f3aa11355eb5a90

MD5 hash:

4e7bb2ac306f4fc11471af9a53bcdbff

SHA1 hash:

9c72bd06db08b018730eae464f00b8d7a4f41991

Link:

https://www.unpac.me/results/76b55e22-66f9-4195-b7bd-a0a81df28c1a/

SH256 hash:

c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848

MD5 hash:

81a117520fc8830ca53f76a687533f2c

SHA1 hash:

1dce1c81502716e6ae1d656d5c9f83e1cefb06e4

Link:

https://www.unpac.me/results/76b55e22-66f9-4195-b7bd-a0a81df28c1a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.03

Link:

https://yomi.yoroi.company/submissions/c5d24b4a21b5ce63ea8752778e37059f9fd0f4d738b760f6c03b2b902f67f848

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	shellcode Create hunting rule
Author:	nex
Description:	Matched shellcode byte patterns

Rule name:	Suspicious_Macro_Presence Create hunting rule
Author:	Mehmet Ali Kerimoglu (CYB3RMX)
Description:	This rule detects common malicious/suspicious implementations.

Rule name:	without_attachments Create hunting rule
Author:	Antonio Sanchez <asanchez@hispasec.com>
Description:	Rule to detect the no presence of any attachment
Reference:	http://laboratorio.blogs.hispasec.com/

Rule name:	with_urls Create hunting rule
Author:	Antonio Sanchez <asanchez@hispasec.com>
Description:	Rule to detect the presence of an or several urls
Reference:	http://laboratorio.blogs.hispasec.com/

Rule name:	yara_template Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/379373/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample