MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1effcea66952d5fe890fab15e3584197990da1db7bfc193d8fd007397a447da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e1effcea66952d5fe890fab15e3584197990da1db7bfc193d8fd007397a447da
SHA3-384 hash: ecfd07d93f7c04aec14f9214e4b635afe78704c1963571a4c74292085d59a34b737524760517c5137a290060ef4b4e7d
SHA1 hash: 5b189679af69f1c00ca7c03bd9d3a9afd3c187f6
MD5 hash: 39270d4fad7465b36441a5faf32db7bd
humanhash: network-sierra-lactose-wisconsin
File name:SecuriteInfo.com.Win64.TrojanX-gen.16035
Download: download sample
File size:1'172'480 bytes
First seen:2022-09-18 17:48:57 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 24576:PviPSxcMMfDo2iutkN4wCSVRRYcy7wOR7H2+PdexX7g0i5TbkgLs5Sa/KiAFjos:PPjRY7MajddY7g0iNgKFjo
Threatray 2'534 similar samples on MalwareBazaar
TLSH T19B4512ED527380C0FC9ADB73BDC0669A0E56DE76BF1C39AE49B20CD145A567E10E21B0
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
File icon (PE):PE icon
dhash icon d292b0b2da36bcbe (11 x AsyncRAT, 7 x Metasploit, 6 x CoinMiner)
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
359
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win64.TrojanX-gen.16035
Verdict:
No threats detected
Analysis date:
2022-09-18 17:50:16 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/11d2556b-f5e1-4c96-b017-0e5f2c2118ab

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/311108/
Detection(s):
SecuriteInfo.com.Win64.TrojanX-gen.16035.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Launching a process
Creating a process with a hidden window
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63275a16ba7b8113dd76a89a/reports/ee548495-6f1a-4301-b7ba-b07c90b11db9/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Formbook
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/00ad0248-a8c2-434c-8ac9-1f9dfe0a4828
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1072521
Signature
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Encrypted powershell cmdline option found
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e1effcea66952d5fe890fab15e3584197990da1db7bfc193d8fd007397a447da/
Threat name:
ByteCode-MSIL.Trojan.Injuke
Create hunting rule
Status:
Malicious
First seen:
2022-09-18 17:49:09 UTC
File Type:
PE+ (.Net Exe)
Extracted files:
13
AV detection:
10 of 39 (25.64%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4hx7z2tgsuwv72eq7kyv4nmedf4zbwq5w674de6y7uahhf5ei7na._file
Verdict:
malicious
Similar samples:
0f9e71d60e3069524b211280f87d329ea279c0b59b08826a14eec3cf97f9c839
11e4843a483f2a083b7daf71446ff19442ea1a924f4550dab5f059ee5893357f
25c62b72f0555d7ebf9397ec0c8d124942be1b4cedd6848c0c0a8f4a63dc7741
3d5381ffbeff5b5cd6a864cb3d15de8393ab4be8b1dfead3179a8079ebd68e05
3d538725fd27edb771e7e5c07a11508d7363dc6f0bdb438240bd34eae746aeed
3e85b31ff1780031f94570fc9801b6a886564a4caa2acc360d2c65f29b22dbb5
3fba4c2bac1363433553b57b389916f759be99e350e8003bf3d2a5584ebe5f46
452937d12a7cca9683eefa5c75273560523871c22f12ea56c1933063c2f830bc
8a63134b33062c4634272b96c12d130f3abe74270f958ac03049eaae8bb66de4
abf32362b9d9351332107be717d6673ff298e6f66e536838f59dc0ca0e22942a
+ 2'524 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220918-wdzv1abee7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Suspicious use of SetThreadContext
Legitimate hosting services abused for malware hosting/C2
Checks computer location settings
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/69aca3da-fc0b-4371-8e0d-19bcb815542f
Unpacked files
SH256 hash:
e1effcea66952d5fe890fab15e3584197990da1db7bfc193d8fd007397a447da
MD5 hash:
39270d4fad7465b36441a5faf32db7bd
SHA1 hash:
5b189679af69f1c00ca7c03bd9d3a9afd3c187f6
Link:
https://www.unpac.me/results/262c47fe-7c59-4a12-8fab-1f948574a596/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e1effcea6695/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/e1effcea66952d5fe890fab15e3584197990da1db7bfc193d8fd007397a447da

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:RansomwareTest3
Create hunting rule
Author:Daoyuan Wu
Description:Test Ransomware YARA rules

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e1effcea66952d5fe890fab15e3584197990da1db7bfc193d8fd007397a447da

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2306837/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/311108/

Comments