MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 6 File information Comments

SHA256 hash:	e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559
SHA3-384 hash:	b85948bf6b4faacc06c6e359761e01e31f36386c9459f531237a148bbb3e48ef9ce38ba4ff9fd0bdf485bc4e5d494408
SHA1 hash:	4281072875fc6b223fe3be38f2164e873a68f031
MD5 hash:	6ee4d16a922c7c410c48a2d7dc55ece5
humanhash:	chicken-oranges-mango-virginia
File name:	Trust Launcher.exe
Download:	download sample
File size:	4'672'512 bytes
First seen:	2024-07-10 16:41:56 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'661 x AgentTesla, 19'474 x Formbook, 12'208 x SnakeKeylogger)
ssdeep	24576:2gU6NieovQ2fTj8PDQCe5WXCjTZ18uv76/+3p8RIlRQVaU/DU/G24E10X9rjwFco:2KNiQEcGT710q6RIIwemixRD4
Threatray	24 similar samples on MalwareBazaar
TLSH	T13B267B0177A08926D17EBF7AE8A3011C4BF2FC01EA75E69AB5C4F24D0B573D96842763
TrID	60.4% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.8% (.SCR) Windows screen saver (13097/50/3) 8.7% (.EXE) Win64 Executable (generic) (10523/12/4) 5.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):
dhash icon	0429f8f8f8f02804
Reporter	aachum
Tags:	exe LummaStealer

iamaachum

https://ibf.tw/3Lbmp
C2:
https://bouncedgowp.shop/api
https://bannngwko.shop/api
https://bargainnykwo.shop/api
https://affecthorsedpo.shop/api
https://radiationnopp.shop/api
https://answerrsdo.shop/api
https://publicitttyps.shop/api
https://benchillppwo.shop/api
https://reinforcedirectorywd.shop/api

Intelligence

File Origin

# of uploads :

# of downloads :

396

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

https://download2353.mediafire.com/8gpylgdgtwdgnIlMWf_2hc7L7FLV4nYlAlR5HWgFfd5T5qlGaoUaV5-sENVUx1RyctdqwPpwBBknTVrZOrZl_N-QVyq7JTAAbIYDU09KHt97tLzOL2Iqzw0y5MoV620Lmi88N5EQZuv2T-mlYyhl3wnuBzGpTyYavn3vVRfBbc6GgQ/h8dah7b7junopfn/TrustLauncher.exe

Verdict:

Suspicious activity

Analysis date:

2024-07-08 20:26:21 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/2d8c5566-c6d2-4fbc-a0a0-1352a6afd5b9

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=668eb9db6df1b20b8ec46e51win7simulatehigh_evasion

Tags:

Malware

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

91%

Tags:

anti-vm packed

Link:

https://www.filescan.io/uploads/668eb9da7a9d1652006fdf6f/reports/601ad253-6ed3-4a84-a671-567becd5992d/overview

Verdict:

Malicious

Labled as:

GrayWare/Wacapew

Link:

https://www.hybrid-analysis.com/sample/e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/0b9cc3ce-1e46-437d-825c-823de3298967

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1470951

Signature

AI detected suspicious sample

Yara detected Generic Downloader

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4ervh5gv62fovescjtzus4ttqeupyaip4t7da4wxbghzukm62vmq._file

Verdict:

unknown

19533814332c60c59578bef3243537f5b723a0fbb13a649d1e8659171f4a97e9

2b6c6b7a7b4ea5723a15a92ce376e7818f7ab58f4dc5944275932440bf4e2b09

5f64ca9921cd480551dd71c6791bfa8c4a26ee8e24fd12cca063536350d8fdfb

6b446c595c43f7865d622bbb1fba8a5f9eb29417ad5804eaba868789df87a183

c72cce50564c666c535d1dde59af8e380ad592d0f9a221f005e736d33133e984

e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559

+ 14 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/240710-t7m27aybpm/

Behaviour

Suspicious use of SetWindowsHookEx

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/e243ca8b-f6da-4ea8-8757-cb6afe451f5c

Unpacked files

SH256 hash:

e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559

MD5 hash:

6ee4d16a922c7c410c48a2d7dc55ece5

SHA1 hash:

4281072875fc6b223fe3be38f2164e873a68f031

Link:

https://www.unpac.me/results/b49b7f1b-906a-4b69-8401-2125662abbd0/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	maldoc_getEIP_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	meth_get_eip Create hunting rule
Author:	Willi Ballenthin

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe e12353f4d5f68aea92424cf34972738128fc010fe4fe3072d7098f9a299ed559

(this sample)

zip 862ac2b254eb0f14a692b531bb3170ff9b4be13f2899645102c419651358d8b0

Link

https://tria.ge/240710-tr7rnaxdmn

Delivery method

Distributed via web download

Dropping

SHA256 862ac2b254eb0f14a692b531bb3170ff9b4be13f2899645102c419651358d8b0

Dropping

MD5 98f740e5539e4009243a3663dd50eb27

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample