MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7e28f0a0bfd22ba30414be8ecd3a48f9a0453693570994a88c5e50d67b8f492. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c7e28f0a0bfd22ba30414be8ecd3a48f9a0453693570994a88c5e50d67b8f492
SHA3-384 hash: 8517d622153e6045561c32f99d2fa8b409cd143600c009de151be62e73d3df549909da3200e530ff4c69336ae96fc7c0
SHA1 hash: 2455140656cf1ad10c9d5c8c889fd3fe2f1cb5bb
MD5 hash: 4630a13c8a6c4d5c39b97c28126dff9f
humanhash: solar-single-delta-burger
File name:SecuriteInfo.com.Variant.Bulz.664852.8718.27643
Download: download sample
File size:694'272 bytes
First seen:2021-09-03 13:21:05 UTC
Last seen:2021-09-03 13:49:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 946c7b5f0ac6d3a47863eb46459f9075
ssdeep 12288:CHGqRJHO4pMetgC8bzbBSregUnVgFK/UqWgemFVb:CZRJHvkJX1VcLgeyVb
Threatray 2 similar samples on MalwareBazaar
TLSH T1AAE4AF57F3D7F6B4E6BE827A86B1C92C5277745602B0938E774075892D22392893CB0F
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
202
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
PO# HM00050746 .xlsx.xll
Verdict:
No threats detected
Analysis date:
2021-09-03 13:21:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/81f325ef-f2f4-411d-a687-26c0980ccbae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/185196/
Detection(s):
SecuriteInfo.com.Variant.Bulz.664852.8718.27643.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Creating a file
Sending a UDP request
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/43bd1f23-646d-4efd-ad8f-62c77d3f7f28
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/844857
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 477288 Sample: SecuriteInfo.com.Variant.Bu... Startdate: 03/09/2021 Architecture: WINDOWS Score: 48 40 Multi AV Scanner detection for submitted file 2->40 7 loaddll64.exe 4 2->7         started        process3 process4 9 iexplore.exe 2 84 7->9         started        11 rundll32.exe 7->11         started        13 cmd.exe 1 7->13         started        15 14 other processes 7->15 process5 17 iexplore.exe 5 144 9->17         started        20 WerFault.exe 11->20         started        22 rundll32.exe 1 13->22         started        24 WerFault.exe 15->24         started        26 WerFault.exe 15->26         started        28 WerFault.exe 15->28         started        30 3 other processes 15->30 dnsIp6 32 tls13.taboola.map.fastly.net 151.101.1.44, 443, 49709, 49710 FASTLYUS United States 17->32 34 geolocation.onetrust.com 104.20.185.68, 443, 49695, 49696 CLOUDFLARENETUS United States 17->34 38 9 other IPs or domains 17->38 36 192.168.2.1 unknown unknown 20->36
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c7e28f0a0bfd22ba30414be8ecd3a48f9a0453693570994a88c5e50d67b8f492/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-09-03 11:15:11 UTC
AV detection:
12 of 28 (42.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=y7ri6cql7urlumcbjpuozu5er6naiu3jgvyjssuiyxsq2z5y6sja._file
Verdict:
unknown
Similar samples:
02fb8eb6c513e90738234def1f0ee6869d25af749ba3285b9b979ed33c3ec2e9
4d722ed2510391ddcfc520cdfff4d6bd8d4f1366aa50a82a925fc6d35db5f388
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210903-ql86ragdej/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
c7e28f0a0bfd22ba30414be8ecd3a48f9a0453693570994a88c5e50d67b8f492
MD5 hash:
4630a13c8a6c4d5c39b97c28126dff9f
SHA1 hash:
2455140656cf1ad10c9d5c8c889fd3fe2f1cb5bb
Link:
https://www.unpac.me/results/2c7c5548-28fc-45bd-ae7e-3dd4625160e8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c7e28f0a0bfd22ba30414be8ecd3a48f9a0453693570994a88c5e50d67b8f492

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/185196/

Comments