MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c70ba8e8c7f7993baf87810415dec2926f2014ef81ad75bdcd819fa1b16166bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: c70ba8e8c7f7993baf87810415dec2926f2014ef81ad75bdcd819fa1b16166bd
SHA3-384 hash: 28feea60018c9aef1a382b87a609988970056a159795e4fb6dc354c93efac31aaff07bef86e39e4e43a223c0ad62fd67
SHA1 hash: 47aea74e0ede9e97cec1bfc54f976d4a41d36b9a
MD5 hash: 76eb173cc8dc3afef173e1105b4073e1
humanhash: california-early-friend-lima
File name: SecuriteInfo.com.Trojan.MulDrop24.49993.19145.21478
File size: 2'940'832 bytes
First seen: 2024-01-20 15:25:12 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep: 49152:UILvDAKwJnlbjZtmAB0d1ix3SrFGD7if7EuEFzvaDEReUkYPDxndiS2FUGUfQv0g:U4uJlb1tms0dkMrF6QEhCD6eUDriS2FV
TLSH: T156D523207AD08473DD722A3250215F21AA7DFC302F75E9C7B7A8655E9E224C1DA337A7
TrID:
  89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
  3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
  2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: Bitsum LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-02-07T00:00:00Z
Valid to: 2025-03-08T23:59:59Z
Serial number: 0b494d7df02097107b9065025133fe92
Intelligence: 27 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: b309179e6516e33d374264683b0751db5f23b09e625ff0b6a4163df28051d08c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 367
Origin country: FR

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Enabling autorun by creating a file

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm evasive explorer fingerprint installer keylogger lolbin overlay packed remote rundll32 setupapi sfx shdocvw shell32

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 16 / 100
Behaviour
Behavior Graph: n/a
Verdict: unknown

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Unpacked files
SHA256 hash:
f1afa04fe43dc7add7b76ac940ead56790c5a7a20c32f286c6444037723f194b
MD5 hash:
0662e24178387c32b01490427e752707
SHA1 hash:
234f412252d3942cf1a2dc822b3c47feb47cedbb
SHA256 hash:
e87643be795f711d91d527dbd6132fdb60a292cd170be3521cdbec6911d4ceeb
MD5 hash:
c6f2eca2d2b3f3ed647b300ac61bfeae
SHA1 hash:
244ce7606199ebd2b22c06f2b65cfc437348cf96
SHA256 hash:
de5c0fd58fc5aed4f74aa578e18d66c490441bffd06284f2980233239f7e6fc0
MD5 hash:
608dcb09e4fc41ebae7a2a0e09e13aa1
SHA1 hash:
88a5b29b44ac324c24b590694cbe6742be24b4e6
SHA256 hash:
a481fb3bb23d4e046e02d42bbb465bc2a8e172f061ebd11d377982bb26d8f21e
MD5 hash:
f037fb921e597eee2c7646bd0bef524b
SHA1 hash:
3d18f400adcc413bdb39bbd9686aab7dcdd4d37d
SHA256 hash:
9ed65798047f3fb70d492c7a85845c1085d1ccce052f7f91e992f24364c24e46
MD5 hash:
e8a20a59538161ea57fc364c7825c4ae
SHA1 hash:
d3d3efe54994c2caefe2bad0f545073dd1831247
SHA256 hash:
91b8640132bd44710af7e729221b0e30fe5e5fe61b1166b01384e6a9def20904
MD5 hash:
0d535870bc77492f3ce18c93b3dfb14e
SHA1 hash:
38fd98955741a6d82d70a04ae37de491bee69c71
SHA256 hash:
81bbabc1835e01d689c5851b72794f254be7f4db37be0601a71adfcc1e8af540
MD5 hash:
9872479e290df9e3dfb813ca71d87724
SHA1 hash:
57b8918cef52aa697339385761bb0a4b5733defb
SHA256 hash:
7cb128a8db25210129690f1aea7b0d545689d449962f5cc69cb22e5070f59fe5
MD5 hash:
feff98d7e16a9e3916d844676766a356
SHA1 hash:
655cc5b5e4f8d0eea262607873a5d0480d4f9e8c
SHA256 hash:
6fccd4b33f55d34b7fb30731874fcf02722783c7dd2199f120fb233f10609c4a
MD5 hash:
8789d371ff3c9b47d6173ad777a2af27
SHA1 hash:
ef7086e6fdfc7da21901525e059c9bc25ea9bb42
SHA256 hash:
647bd8887ac6d1b9695ff11f2768611ce5f8053e73cbe50ca8f5e6b77b734f20
MD5 hash:
a1e4e63580f598ee78878bbd66a1f5b0
SHA1 hash:
ce159582ffe116864162a35f7ec978393348cbe9
SHA256 hash:
61dcb6d05de78c2d38d203abd2ecb434b1ca611c857412f9b17735477adc3f10
MD5 hash:
f1aeabd71058d66843e5afa554415123
SHA1 hash:
f0e225f6ccda9e95f6b997d3bc19a91bde1d0228
SHA256 hash:
57d6ceadf8f637e5b67a68f8c9f5e560ae8bb02c2ebd0189a47dacd96d923b26
MD5 hash:
0c452ec620100167ffc47a1756a310f5
SHA1 hash:
933de6ec10ea6236cb1bc465fbeb5b7fbf373e92
SHA256 hash:
424e1c214fe48e17435fd9839d959dd03f4b88dee19e0a46e0ed96afa2758176
MD5 hash:
05857ac5f7ea90a18cf886482cb78b71
SHA1 hash:
4123878c56ea88ecffea59514f73b186e4f433fa
SHA256 hash:
41151848d67d2662e437bcf68f73015cfbe0d8770e40e63da7f22c4db3a6b3b6
MD5 hash:
fba55431489241031b31c467dca96cf0
SHA1 hash:
731e5fe204dca1d360dee6095dcf52718b920148
SHA256 hash:
256eec277641907ceb4f5052b860c36138c1bceb5c16cfeead20bd4dcecdc46a
MD5 hash:
d0f721d693008fb2d6f7f1d026dcfc03
SHA1 hash:
715964d4a3a8dca7ba3f1c45d0f56e067b08bfde
SHA256 hash:
0dbe0435fcf0962cccd3a584594671fe5cf44ecf4d6d9ec149cc5ba57a95944f
MD5 hash:
574da4bd912c9782b0cd6b1b969000bb
SHA1 hash:
c9ac2fe866b8ae4b0d383a5b3c4e06e7af6a7779
SHA256 hash:
c70ba8e8c7f7993baf87810415dec2926f2014ef81ad75bdcd819fa1b16166bd
MD5 hash:
76eb173cc8dc3afef173e1105b4073e1
SHA1 hash:
47aea74e0ede9e97cec1bfc54f976d4a41d36b9a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants

Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution

Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments