MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef32df31e5443a381c540a31d54717790a156ecbee2da9746e77b04fd2b97eeb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: ef32df31e5443a381c540a31d54717790a156ecbee2da9746e77b04fd2b97eeb
SHA3-384 hash: 24be3b42870245bb9d4b6122af888cb9e4e778dcdacf0124e17c60f47e12e8bbec063b5742e0db1b9f2c05b279145fd6
SHA1 hash: 2b35d0d3fe762580eaa6430aa13805d5856dad7d
MD5 hash: 06178a9c37def61c418e1ab526a75a2d
humanhash: mockingbird-mobile-one-blue
File name: SecuriteInfo.com.Trojan.Inject4.9563.31425.21445
File size: 235'008 bytes
First seen: 2021-03-24 22:43:57 UTC
Last seen: Never
File type: DLL dll
MIME type:application/x-dosexec
imphash 97b333f621cbdd1bbbfa4f750aff54d3
ssdeep 3072:WvHNdzzW4ukdbvJXaihmFmjVUYwiOV8HeHExZHQTj6uivkTxrlx4qDYMUhv4RYq:SthBFwqmcwiKnE8TjJ9lxdsM9
Threatray 196 similar samples on MalwareBazaar
TLSH 3634121669017C27D8B7843A25E662592E6C4535830825F26B7E3CDB0CE231FE9FF91A
Reporter SecuriteInfoCom

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 129
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 375513. Sample: SecuriteInfo.com.Trojan.Inj... Start date: 24/03/2021. Architecture: WINDOWS. Score: 52. Signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample. Process tree: loaddll32.exe started cmd.exe and two rundll32.exe processes; cmd.exe started a third rundll32.exe; each rundll32.exe started WerFault.exe. IP node: 192.168.2.1 (unknown), linked from the WerFault.exe under cmd.exe.]
Threat name:
Win32.Trojan.Predator
Status:
Malicious
First seen:
2021-03-24 04:13:59 UTC
AV detection:
17 of 29 (58.62%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash:
ef32df31e5443a381c540a31d54717790a156ecbee2da9746e77b04fd2b97eeb
MD5 hash:
06178a9c37def61c418e1ab526a75a2d
SHA1 hash:
2b35d0d3fe762580eaa6430aa13805d5856dad7d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
