MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad
SHA3-384 hash: 568c4efe42d9fdf81c68b84f0fe26fb7bd695f20349d4ee43ea6a34d67631285ab8378034f04385059f779c3c082ecf0
SHA1 hash: 44ea4b43e5cb20ce9140297f7bcf87f028e0830b
MD5 hash: 563f30a6c6d9978c30e8416542ad6041
humanhash: four-echo-fifteen-twenty
File name:UTH.msi
Download: download sample
File size:1'453'056 bytes
First seen:2022-10-12 06:04:21 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 24576:jJjyyzQyz5io+HExGWUAyiqZpBqnGIQ5M6DLrVVdWGA13IqMXSpS2SDTQuV+vJFo:jJjrz5io+HGGWxyzXlrXVVdWGA13I1Xd
Threatray 141 similar samples on MalwareBazaar
TLSH T1D0659E1176C6C436D5BE01703E2ED76B156EBE200BB188EB63D81E2E1EB15C25632F67
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Reporter 0xToxin
Tags:msi

Intelligence

File Origin
# of uploads :
1
# of downloads :
178
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/319192/
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
shell32.dll
Link:
https://www.filescan.io/uploads/6346591067135c9da2467be3/reports/e5613944-8146-4614-bc27-49041a175cb1/overview
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
5 / 100
Link:
https://www.joesandbox.com/analysis/1088559
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=43bzzqfxu6wyrh6tivdv6c35l2tubsv2oc6e6v2wjz3a5css62wq._file
Verdict:
unknown
Similar samples:
08537cb3114c47c65d190d12f922af4be1f7f29c9c2f2af364ac8c1d813df86c
0e723f0f68b2800366b5abea9fa863ae89fc327c795bb8c60cf8fe087ebcf8b3
21b86d066be79ef02c1e00c3be9bf22c4087d4122569543d2c8854ccb8a9b129
28ee91abd2a0efefab3b2e95ffe2ffaecd7ca0cf2a5bc5bf56b6810ba32eafb4
3529493db869e38f4cc8d85f0b5e3964abb6b9aa9e053b6884b47ff610551239
368a995009f0a3324ed392ed8411bd64c41d091fb22ef20170f9c9fd50ee8c8a
989a24e72257ae8d0ecf15903f6293e11151a31b3bee85f61c14f0d0b96a4d2f
a519aea7bbd70ca7c031db95b52bab0d6c416ae5038c12b3e66d85b84cf7652a
c5d5bd4d5b66de5559e4ebb98251b74b49baa08a50cfc8f69b2c9005fcc861a4
df2853a1bc08e8f9ee97a33a001e84597e85d5834c540d846dce4d4f8183bddd
+ 131 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware stealer
Link:
https://tria.ge/reports/221012-gs6vjacfg5/
Behaviour
Modifies Internet Explorer settings
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Adds Run key to start application
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL
Reads user/profile data of web browsers
Blocklisted process makes network request
Executes dropped EXE
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e6c39cc0b7a7/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:suspicious_msi_file
Create hunting rule
Author:Johnk3r
Description:Detects common strings, DLL and API in Banker_BR
Rule name:win_blacksoul_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.blacksoul.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/319192/

Comments