MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


N-W0rm


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8
SHA3-384 hash: efd568ab47a8e7b43456b289a73941ad9826f34aac22415b9fdfdfabaa089c88418518caabfc73bc3973bf1a86e1cdc3
SHA1 hash: ce64040f538a9fab12272102dbd9961ddb91c6d8
MD5 hash: e3736535bbd23e76596d374e032d943e
humanhash: indigo-delaware-ohio-lion
File name:Uzlrz.exe
Download: download sample
Signature N-W0rm
Create hunting rule
File size:604'160 bytes
First seen:2023-06-19 16:42:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 12288:Pgw2QkCWe6IHF9Yu8qsrmcAynlDH/Y7pKn2zSbX2TRG67dyMvAM:r2bZd2FGqEuUDHgpK2e768SN
Threatray 2'127 similar samples on MalwareBazaar
TLSH T179D4232178863154EE1C46BF945E470920D3AB32F5057BA7E80B4253A3574BA21EAFFF
TrID 56.5% (.EXE) Win64 Executable (generic) (10523/12/4)
11.0% (.ICL) Windows Icons Library (generic) (2059/9)
10.9% (.EXE) OS/2 Executable (generic) (2029/13)
10.7% (.EXE) Generic Win/DOS Executable (2002/3)
10.7% (.EXE) DOS Executable Generic (2000/1)
Reporter ULTRAFRAUD
Tags:exe N-W0rm

Intelligence

File Origin
# of uploads :
1
# of downloads :
309
Origin country :
DE DE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Uzlrz.exe
Verdict:
Malicious activity
Analysis date:
2023-06-19 16:46:19 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/afd59677-b32e-450d-8665-5c570b34910d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/400611/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.68009.25562.341.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Сreating synchronization primitives
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/649085991bc6cbebc9b579c7/reports/c2ed0036-9502-4d36-8e3c-bdb2dcf4b0a9/overview
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/15a13845-1062-409e-a040-c173a7ba969c
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/1257605
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Snort IDS alert for network traffic
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-06-19 16:43:08 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
1
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4cbsfuu7o5efpgrisbbgrxctwzvmgfmnutaim4olb4vfifqlcxea._file
Verdict:
malicious
Similar samples:
0e26bbb3236e15e0ba06e697c49c89d2b23f203d59e593b284221d1f431f73af
N-W0rm
36cea9a517889dd607921a87d2bd9ed04b2de4c465f17d52bd1e399aa979da83
N-W0rm
4a8da72abff64bcf80a2500077504588b720180b7694203bdb2434fa075fa7fa
N-W0rm
65a73b946adeca7edc624d85c9af02b3d607e1e65df2580a32fb143b9c40fc7f
N-W0rm
68196bed39db5006cfcac65244c0e065e946550b9eec44257b806a5d647b66da
N-W0rm
79a7c9d15971c14d78baccbf211b3ca1e9adcb0befc6d3d1c5d92902d70678e2
N-W0rm
82a3a3234c7dbddf79b32b1cf05cd7d5806512824d0536edcbce4dc529519d92
N-W0rm
84c18f78f11b9bc3fd3e96925d2a7b76ab5ecfb927c377ad27456e191815b24a
N-W0rm
9206df8f28b1540fa4f76fc385b2d786fadaef5cf7b0e24e5218ff7fff0fcbad
N-W0rm
9ff71b633c947942d5b2b4ffdc0e771c9e167ae1cf07dc126ceaccdf4891ae9c
N-W0rm
+ 2'117 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230619-t78znagc31/
Behaviour
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8
MD5 hash:
e3736535bbd23e76596d374e032d943e
SHA1 hash:
ce64040f538a9fab12272102dbd9961ddb91c6d8
Link:
https://www.unpac.me/results/9d067f71-b606-467b-9df6-5eb23a9ae3c9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
iSpy Keylogger
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

N-W0rm

Executable exe e08322d29f7748579a28904268dc53b66ac3158da4c08671cb0f2a54160b15c8

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/400611/
  
URLhaus
https://urlhaus.abuse.ch/url/2666537/
  
Delivery method
Distributed via web download

Comments