MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da74feae9e48cacba4741157f0f889c5328d9ae09931986c1b7d5b4208787d1c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da74feae9e48cacba4741157f0f889c5328d9ae09931986c1b7d5b4208787d1c
SHA3-384 hash: 79a212b62de4378a92587cce50bbd1eb54efb4405f69115bdcb91d3b7a74a8bb1184ad0ca5ce8894e570e5493a541f70
SHA1 hash: 10b77ad9b6c03012630a3cca9f24d2d702cee70b
MD5 hash: bfb882909fbbd78045d8f8ef4b8bc717
humanhash: cold-spring-network-jupiter
File name:SecuriteInfo.com.W32.AIDetect.malware2.31240.18003
Download: download sample
File size:811'008 bytes
First seen:2022-08-10 16:33:23 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 0f063ac472552ed0da6bae980410a3a5 (4 x RemcosRAT, 1 x DBatLoader)
ssdeep 12288:GUywFbPxwsZujvtAe76JlDgeIDQlS4nSz7eIa3fWyMhk2VqKoS:j9lxZZupAeC5geEwS4nSz5yalVqKoS
Threatray 802 similar samples on MalwareBazaar
TLSH T1B3059D32F2A3EC32C15B45BBEF3BD168C8A52E15693DE59527D81F780BB1B11A60B143
TrID 28.5% (.SCR) Windows screen saver (13101/52/3)
22.9% (.EXE) Win64 Executable (generic) (10523/12/4)
14.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
9.8% (.EXE) Win32 Executable (generic) (4505/5/1)
6.5% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon b2b0aca6a6baf66a (4 x RemcosRAT, 4 x DBatLoader, 1 x Formbook)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
226
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.AIDetect.malware2.31240.18003
Verdict:
Suspicious activity
Analysis date:
2022-08-10 16:35:22 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7c4eb0f3-e65f-4525-99aa-87e61a74ae3e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/297709/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware2.31240.18003.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.W32.AIDetect.malware2.25061.23586.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28535/overview
Behaviour
MalwareBazaar
CheckScreenResolution
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
keylogger
Link:
https://www.filescan.io/uploads/62f3de3f810e2831b734dfcf/reports/54d95fe1-523c-43cd-ad34-9d58a255ade7/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/659cf900-3b27-4ea7-a72f-f9016bdb9c84
Result
Threat name:
Unknown
Detection:
malicious
Classification:
expl
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1049380
Signature
Multi AV Scanner detection for submitted file
Yara detected UAC Bypass using ComputerDefaults
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/da74feae9e48cacba4741157f0f889c5328d9ae09931986c1b7d5b4208787d1c/
Threat name:
Win32.Spyware.Noon
Create hunting rule
Status:
Malicious
First seen:
2022-08-10 13:40:36 UTC
File Type:
PE (Exe)
Extracted files:
40
AV detection:
14 of 26 (53.85%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3j2p5lu6jdfmxjducfl7b6ejyuzi3gxateyzq3a3pvnuecdypuoa._file
Verdict:
malicious
Similar samples:
0454c0078d232502c16596fb561e698d11c2d68c1905d68a9578385a6a116a00
35cf771ddfdab8d8f18d4ee2b4841602be4bc77f9d952ecd5f9e870160cfe8f8
663b7bc66499e507ca1f8fad6e42195a54fe242db3cc71bf4762952fe04ce5ee
6b8b620534b94530ba467af917e0365640b83b1edd8a39eaa00ebf441e2e34c0
7d5c7b03dcc7496b6dfb7f5726b3901d48da7ed3dd8e6d171db278e7ba9902b0
8043ea1eec1337542f54a3da01248f048588f43c2f5a434d425775dbb3ddd6b3
88502779764c4ceacff4b4a39a389bf13389b734f99e76160c865a2da6d21bee
925e3fe8b8f4fa60dcfc261154c3fc8a6d296efcdb83ab1a18e710fa150090f1
bc061c3fc38da5c64b98ca941334021a3588891eed56ba0458f5f3ca6b364081
d09e0e3cdb3fa52dcea7852176dc97aac0741e85b22bd088fd0bf0633e3f3bbb
+ 792 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220810-t24sracebr/
Unpacked files
SH256 hash:
be19099ca8630b908437d9d5ef50fc58986b4e22d291050bfa9070c314881783
MD5 hash:
74ae6232917c537300e2f28263b0147a
SHA1 hash:
b2b12b1d16059a3b412b8437b9841e0eb07d4f85
Link:
https://www.unpac.me/results/ad37125a-7e11-4882-8944-5397bdacceec/
SH256 hash:
da74feae9e48cacba4741157f0f889c5328d9ae09931986c1b7d5b4208787d1c
MD5 hash:
bfb882909fbbd78045d8f8ef4b8bc717
SHA1 hash:
10b77ad9b6c03012630a3cca9f24d2d702cee70b
Link:
https://www.unpac.me/results/ad37125a-7e11-4882-8944-5397bdacceec/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.50
Link:
https://yomi.yoroi.company/submissions/da74feae9e48cacba4741157f0f889c5328d9ae09931986c1b7d5b4208787d1c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/297709/

Comments