MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d
SHA3-384 hash: b0a2cba0daeb0b597554a748f9f884026ab000f0b071558d694d3569652b6cd8a6395ad87c8945657e744758df886cca
SHA1 hash: 30fe926526cdbcb9598c2d263b90dc6a959d5fe6
MD5 hash: 21fe59134a16cdc774f6033cfe81d2c3
humanhash: music-apart-wyoming-paris
File name:cgdifn.msi
Download: download sample
File size:1'163'264 bytes
First seen:2021-07-21 08:22:02 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 24576:nEnRmJkcoQricOIQxiZY1ia/AGh1M9q7I0dMZIDL:nEMJZoQrbTFZY1ia/AwMshgID
Threatray 285 similar samples on MalwareBazaar
TLSH T15F35E122B9C68036C2B327B15E7EF769963D6D260336D29727C83D315EB04816B39763
Reporter JAMESWT_WT
Tags:msi

Intelligence

File Origin
# of uploads :
1
# of downloads :
79
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/172946/
Detection(s):
Txt.Malware.LodaRAT-9769386-0
Create hunting rule

SecuriteInfo.com.VBS.Dropper-4.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/819389
Signature
Multi AV Scanner detection for submitted file
Uses dynamic DNS services
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d/
Threat name:
Script-AutoIt.Backdoor.LodaRat
Create hunting rule
Status:
Malicious
First seen:
2021-07-21 08:17:51 UTC
File Type:
Binary (Archive)
Extracted files:
28
AV detection:
17 of 45 (37.78%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0418e3df48284da14ab4d183c6d5d6ec3f37e3bd2b7be5439840d8409e620c32
38e5fde6988bbf02467d7b59ba15a3dfbdaedfab4804c60cf3ae44db6b48a844
65a59e303768c300ddda71f068996d02af3f154dc48f72c958ec5da2a1260f9c
6d833bd671f179c8dfdf89aac0bc77cd7bb49f82a98cbf5d8122a9d47fa98e9f
6f7d9ca4731544fea8d56ad9b367f0b3018198376ab73c492f5345a83ee07106
85ac52fb1a85659b8aa0ee82a62720f55e2d3731870927ab82539bdd7c3908fa
adfe2c7e157726a346f6682a7d7ccf6fbe6aa884fafe24522f9616c4f8db19e6
c5b5ff5c176413573053cc64019bff9c9ca516d27fcbf2611505083c892c2751
cfeca443205d577304ec09ae494c96556eb60d80bd9be772ffaeac389043bd92
dce0fd32e1a722b27a3d60dc55016edbbfe763d3ec5aa10de6a6455e062b1432
+ 275 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210721-186ftq4y3s/
Behaviour
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in Windows directory
autoit_exe
Enumerates connected drives
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.25
Link:
https://yomi.yoroi.company/submissions/d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AutoIT_Script
Create hunting rule
Author:@bartblaze
Description:Identifies AutoIT script.
Rule name:Executable_Converted_to_MSI
Create hunting rule
Rule name:INDICATOR_MSI_EXE2MSI
Create hunting rule
Author:ditekSHen
Description:Detects executables converted to .MSI packages using a free online converter.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi d1ae3ed0e65a3e85becdaea040af72e64f84aaf2e97dd62ba55639a81265d46d

(this sample)

  
X
https://twitter.com/ReBensk/status/1417718897793404928?s=20
  
URLhaus
https://urlhaus.abuse.ch/url/1470382/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/172946/
  
URLhaus
https://urlhaus.abuse.ch/url/1470680/

Comments