MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f343fba9c1a8b5f43e74f9ed3ca9d495f431aefcc0ff2bbaa5c97efce34f82d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SVCReady

Vendor detections: 9

Intelligence 9 IOCs YARA 5 File information Comments

SHA256 hash:	f343fba9c1a8b5f43e74f9ed3ca9d495f431aefcc0ff2bbaa5c97efce34f82d8
SHA3-384 hash:	325100b49f28d247716d7530bdd4a9948f6a76f3868fa6df930bf8df081e69ba3f934c0e90b98048a2ad8ab6e1490d37
SHA1 hash:	707b2a7abb4572bbbee0d479834bc3e910bba3e2
MD5 hash:	a484630dcbd57dfd48ab5fa0dc6a5268
humanhash:	skylark-mike-echo-blue
File name:	y56B2.tmp.dll
Download:	download sample
Signature	SVCReady Create hunting rule
File size:	1'327'104 bytes
First seen:	2022-07-26 12:02:24 UTC
Last seen:	2022-07-26 12:36:25 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	65ec0ecd44c5fd13dc81281d7bfa8210 (1 x SVCReady)
ssdeep	24576:E4EH7qD9S/DaKiQGa+L7RcJpEv8pH8qeV2iHqvkjjXKJZdWgrO0njXK3:
TLSH	T1BF55AEB875047CD6667F526BC9A6ADDC13761633DA8798C8B07C7BC70BA3321EE12805
TrID	32.1% (.SCR) Windows screen saver (13101/52/3) 25.8% (.EXE) Win64 Executable (generic) (10523/12/4) 16.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 11.0% (.EXE) Win32 Executable (generic) (4505/5/1) 4.9% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter	stoerchl
Tags:	dll SVCReady

Intelligence

File Origin

# of uploads :

# of downloads :

323

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/294273/

Detection(s):

SecuriteInfo.com.UDS.Exploit.Win32.Shellcode.12060.32168.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Сreating synchronization primitives

Creating a window

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9fa46102-1e5f-48ba-99b9-976cb24b0ad8

Result

Threat name:

ReflectiveLoader, SVCReady

Detection:

malicious

Classification:

evad.troj

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1041031

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

System process connects to network (likely due to code injection or exploit)

Yara detected ReflectiveLoader

Yara detected SVCReady Loader

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f343fba9c1a8b5f43e74f9ed3ca9d495f431aefcc0ff2bbaa5c97efce34f82d8/

Threat name:

Win32.Trojan.Svcready

Status:

Suspicious

First seen:

2022-07-26 12:03:07 UTC

File Type:

PE (Dll)

AV detection:

12 of 25 (48.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6nb7xkobvc27iptu7hwtzkousx2ddlx4yd7sxovfzf7pzy2pqlma._file

Verdict:

malicious

Result

Malware family:

svcready

Score:

10/10

Tags:

family:svcready loader

Link:

https://tria.ge/reports/220726-n71qdshccl/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Detects SVCReady loader

SVCReady

Unpacked files

SH256 hash:

5b548907f5ad6f0352f8cdbe6bd5da5d5d6b25731a2b2d5ad8da1326d58aca5b

MD5 hash:

0101553b022f43efee53a8b943ec62f6

SHA1 hash:

e9b9c1985df46a23e1580c5d85396a29a358b01c

Detections:

win_svcready_a0

Link:

https://www.unpac.me/results/d64b166a-aa3e-45a8-8630-11d671ea78c5/

SH256 hash:

d995f08aaf3e575cf905b1357693f3335667cbfb03d452b6cb3ef0a0980cc20f

MD5 hash:

7803365b55bf7de3db68547fe40f52fe

SHA1 hash:

338be058689a9dd41484957a71373ddda5f073cb

Link:

https://www.unpac.me/results/d64b166a-aa3e-45a8-8630-11d671ea78c5/

SH256 hash:

f343fba9c1a8b5f43e74f9ed3ca9d495f431aefcc0ff2bbaa5c97efce34f82d8

MD5 hash:

a484630dcbd57dfd48ab5fa0dc6a5268

SHA1 hash:

707b2a7abb4572bbbee0d479834bc3e910bba3e2

Link:

https://www.unpac.me/results/d64b166a-aa3e-45a8-8630-11d671ea78c5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/f343fba9c1a8b5f43e74f9ed3ca9d495f431aefcc0ff2bbaa5c97efce34f82d8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	crime_win32_svcready_loader_unpacked Create hunting rule
Author:	Rony (@r0ny_123)

Rule name:	simp_dll_svcready Create hunting rule
Author:	@stoerchl
Description:	SVCReadyLoader DLL

Rule name:	svcready_bin Create hunting rule
Author:	James_inthe_box
Description:	SVCReady
Reference:	f690f484c1883571a8bbf19313025a1264d3e10f570380f7aca3cc92135e1d2e

Rule name:	SVCReady_Packed Create hunting rule
Author:	Andre Gironda
Description:	packed SVCReady / win.svcready

Rule name:	win_svcready_w0 Create hunting rule
Author:	@AndreGironda
Description:	packed SVCReady / win.svcready

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/294273/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample