MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d
SHA3-384 hash: b1ab8fc0a8a753b7901be97f112ba6134afdcd01067eed0b3388c637bc8e4162552bc5357214c5c316d2bd54bbea6bc5
SHA1 hash: 6d066414148774210a81727c257ffed73f2cbe6f
MD5 hash: 1305439ddafde5db447c466b99b695cd
humanhash: gee-arizona-river-uranus
File name:Mzuqtuia.exe
Download: download sample
File size:1'716'736 bytes
First seen:2022-10-25 11:58:07 UTC
Last seen:2022-10-28 21:17:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:lPWrE3x9FnbTmYOR+6LWtbpnmNUgvHlJ7OpSWkxJWH4XuVosyHrVorywxPtTDrTG:PZ5Ky9gvlDWAFGoh8y0vfF
Threatray 3'145 similar samples on MalwareBazaar
TLSH T147856CF4A0AB04D5E8079DE1593C7DE6063172F38DE90590133D7B484F6BEB9AE0899E
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon e0c8cec6c6c6c0e0 (3 x BlackGuard, 3 x Formbook, 2 x MassLogger)
Reporter cocaman
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
223
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Mzuqtuia.exe
Verdict:
No threats detected
Analysis date:
2022-10-25 11:58:49 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4806b31a-5532-4890-852c-d735b0b6a59f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323999/
Detection(s):
SecuriteInfo.com.PUA.EmbeddedEXE-1.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Unauthorized injection to a recently created process
Creating a file
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Creating a file in the %temp% directory
Reading critical registry keys
Stealing user critical data
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ff0b65c2-5375-4dcc-8cce-d22df994a431
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1097519
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d/
Threat name:
ByteCode-MSIL.Downloader.Seraph
Create hunting rule
Status:
Malicious
First seen:
2022-10-25 03:39:28 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
3
AV detection:
20 of 26 (76.92%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3nthr7smfhgmaqcxtaawav2v4tkeeo5xjrwtnngocdj7o62riv6q._file
Verdict:
malicious
Similar samples:
36f236ece6077f65bf5513daa3fc779863f6027b62950137f606ef448fc7727a
6d62cebf308b5ab873d98e0447c68f936bc34addeb924eb8ef972072ca13d4bf
768e07081c36c61c7ca4cc6c996c99e128adb6d137ad5c4f15f14edd17e492ca
8785300bc02bbf034417c477db91c121123b31b1eaf24fc0f74ee11e11ec058c
b78d348dc8a28e80d79acd9118ea488c502a18c30b211a03edd4cfd59715090f
cbab4cfcbca79f53ed3faf1ea4fc48270b44c50529a96698c3b5ab250e438454
f333b87b79d0fbf142976bb401a082f189b00c49e65a3ad7b1ed5b8f33320ba0
fc268662edbe596dd986f418d8a12e492040ed094f0ca43cd68471c632597fa5
+ 3'135 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
collection spyware stealer
Link:
https://tria.ge/reports/221025-n5qgmscfc5/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Suspicious use of SetThreadContext
Accesses Microsoft Outlook profiles
Checks computer location settings
Reads user/profile data of web browsers
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/e6245592-2b3d-4e1b-84f9-1d83c4b62788
Unpacked files
SH256 hash:
db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d
MD5 hash:
1305439ddafde5db447c466b99b695cd
SHA1 hash:
6d066414148774210a81727c257ffed73f2cbe6f
Link:
https://www.unpac.me/results/5acbbd77-708a-472e-8612-473d0ff64c98/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/db6678fe4c29/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.51
Link:
https://yomi.yoroi.company/submissions/db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar 2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3

Executable exe db6678fe4c29ccc040579801605755e4d4423bb74c6d36b4ce10d3f77b51457d

(this sample)

  
Delivery method
Other
  
Dropped by
SHA256 2080069691d3e6beca8a9a24dd9c8284d4cd09738fab103b91497377a0f84aa3
Cape
Cape
https://www.capesandbox.com/analysis/323999/
  
Dropped by
MD5 e9c6cd26bfe85bd271f8e183511828c5

Comments