MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5aa061d3a3f2ccfd348e7b67889c776ce062657999bd4edb9386379e1f4f60c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4



SHA256 hash: e5aa061d3a3f2ccfd348e7b67889c776ce062657999bd4edb9386379e1f4f60c
SHA3-384 hash: f117b7fe124ce123e95bcba9d38748490594383c0eed2b2f5d2ab3cf60b778f7d55f4344d933eb7fce481b21b0f312df
SHA1 hash: 8cf3dce488963d091feab49bf30abe88290b4717
MD5 hash: a8212f1f275b6161b3774c1612b20c23
humanhash: potato-mike-mango-lactose
File name: SunloginClienr_15.8.0.18235_v6.6.8.msi
File size: 92'261'376 bytes
First seen: 2025-05-21 12:16:01 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 1572864:iSRJtZa8NmbiQF73aH8O9jEF+YAgia5d8dQmnRJp72Kidsuev2:iSRJt488bFF7mVYAgiav8ugRnMPeu
TLSH: T1D3183320B67368D4E62FA7BFE0A55FC444346DE0B317D56B33747BB89AB064260B2943
TrID: 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
      10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
      7.8% (.MSP) Windows Installer Patch (44509/10/5)
      1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika: msi
Reporter: JAMESWT_WT
Tags: msi

Intelligence

File Origin
# of uploads: 1
# of downloads: 78
Origin country: IT

Vendor Threat Intelligence
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: adaptive-context base64 cmd expired-cert fingerprint lolbin remote wix

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 3 / 100

Behaviour
Behavior Graph: n/a
Gathering data

Result
Malware family: n/a
Score: 6/10
Tags: discovery persistence privilege_escalation
Behaviour:
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of WriteProcessMemory
  Event Triggered Execution: Installer Packages
  System Location Discovery: System Language Discovery
  Loads dropped DLL
  Enumerates connected drives
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments