MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f65e06c1100da40fbaa4f7bf5ea9f3d750b9ed2ccf548bc2b1eb3e7ed0a7f4c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f65e06c1100da40fbaa4f7bf5ea9f3d750b9ed2ccf548bc2b1eb3e7ed0a7f4c8
SHA3-384 hash: 976e97a36973db4ef6e34849cfc716c5630c2ff0199228fb432f25db09f04f74879b56f194dd4cc3759318ba6dd75a76
SHA1 hash: f50f39551a6871885fea1544924a78a3babc76a0
MD5 hash: f7470d5f6a6e9ed052545483babb6dee
humanhash: tango-maryland-wyoming-fruit
File name:SecuriteInfo.com.Gen.Variant.Nemesis.9780.16122.7225
Download: download sample
File size:294'944 bytes
First seen:2022-08-15 08:29:32 UTC
Last seen:2022-08-16 18:40:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6e7f9a29f2c85394521a08b9f31f6275 (278 x GuLoader, 44 x RemcosRAT, 40 x VIPKeylogger)
ssdeep 6144:tT4DtuisSy4EVBmbpdvYVHoEyHk3AlIC2lfq:tTCsSHcYtdvYVHoq3GVJ
Threatray 4'103 similar samples on MalwareBazaar
TLSH T11554F1C0E7404C37C2A0AC71CE97D665DB999263C573C9F2FE30B95FA993A6159CB840
TrID 48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
16.4% (.EXE) Win64 Executable (generic) (10523/12/4)
10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 9492ccc4ae8ada92
Reporter SecuriteInfoCom
Tags:exe Heldternings Unsatisfiableness signed

Code Signing Certificate

Organisation:Heldternings Unsatisfiableness
Issuer:Heldternings Unsatisfiableness
Algorithm:sha256WithRSAEncryption
Valid from:2021-12-06T03:04:15Z
Valid to:2024-12-05T03:04:15Z
Serial number: -625cd8b3021c3bad
Thumbprint Algorithm:SHA256
Thumbprint: 1da36aa602659bd9033dc4bf88f84c08803589c9e8a5bbb62032e387d4e2b737
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
267
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Gen.Variant.Nemesis.9780.16122.7225
Verdict:
Malicious activity
Analysis date:
2022-08-15 08:32:03 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/209e2826-d146-4d60-9b7e-8b1620b03c36

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/298611/
Detection(s):
SecuriteInfo.com.Gen.Variant.Nemesis.9780.16122.7225.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Creating a window
Creating a file in the %temp% subdirectories
Delayed reading of the file
Searching for the Windows task manager window
Launching a process
Creating a process with a hidden window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28968/overview
Behaviour
MalwareBazaar
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/62fa04497a5eee50480c6ec4/reports/44b0214a-06cc-4947-9ffc-9ce027565f7c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/348b3b05-c5ac-4bc6-be14-e1db0bd3280f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1051390
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 683900 Sample: SecuriteInfo.com.Gen.Varian... Startdate: 15/08/2022 Architecture: WINDOWS Score: 48 26 Multi AV Scanner detection for submitted file 2->26 7 SecuriteInfo.com.Gen.Variant.Nemesis.9780.16122.exe 2 30 2->7         started        process3 file4 18 C:\Users\user\AppData\Local\...\nsExec.dll, PE32 7->18 dropped 20 C:\Users\user\AppData\...\imagequant.dll, PE32+ 7->20 dropped 22 C:\...\System.Diagnostics.StackTrace.dll, PE32+ 7->22 dropped 24 C:\Users\user\AppData\Local\...\Handsfree.dll, PE32+ 7->24 dropped 10 powershell.exe 9 7->10         started        12 powershell.exe 5 7->12         started        process5 process6 14 conhost.exe 10->14         started        16 conhost.exe 12->16         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f65e06c1100da40fbaa4f7bf5ea9f3d750b9ed2ccf548bc2b1eb3e7ed0a7f4c8/
Threat name:
Win32.Trojan.Leonem
Create hunting rule
Status:
Malicious
First seen:
2022-08-15 07:11:32 UTC
File Type:
PE (Exe)
Extracted files:
8
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6zpanqiqbwsa7ove667v5kpt25ilt3jmz5kixqvr5m7h5ufh6tea._file
Verdict:
unknown
Similar samples:
12f7ffd93e0af380b2fe64c1477afcf876ae1449dcc197d71da381873bfbb439
3c167530a131f9dc899b73b9eac971b38e44d41cf291893fde8e575602c2b846
5f30eae71c1b0d08e7ec5adfc9a0dc98078595502b60a584a8df5cdf8cacf7fa
87a0e76ffaebb434696dff4449ad27f6912937899749b7d8eb3b623615176a78
a651672f98fba458ca8b6861557119c81d12afcb705c457d65dd2b44dcc499fe
bf0c11eae9de14227141901dffc7bdbd1ecb9b0a2cb1e675f7d36ce5eff0679e
d09cb69744c809f1e48fda7e9ab5623852a42fc6f2cf79547ecc3329871e84ca
f3b3bf03f311300ba76f4de3376ff21b3b1971ccbc90e24638ab15c2b42ef79b
f3c2f58838f82805e8b2fad088523958db89bc6c34b1e27760f881d8d1bcc36e
f783fddd213ea27df398d887e7dadecc3ff7a60f4dff68254581a1d2c02a8291
+ 4'093 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/220815-kd568sgeaq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Checks installed software on the system
Loads dropped DLL
Unpacked files
SH256 hash:
5e66489393f159aa0fd30b630bb345d03418e9324e7d834b2e4195865a637cfe
MD5 hash:
4c77a65bb121bb7f2910c1fa3cb38337
SHA1 hash:
94531e3c6255125c1a85653174737d275bc35838
Link:
https://www.unpac.me/results/8cc9539e-b933-4f28-9ffe-68c92cac5a54/
SH256 hash:
1ece965ac1a7410c56c47532a43dd7e5b4db0263a8dca53f0554f7ff16003a8c
MD5 hash:
df3e949ba7901c3520698d403c7f1f5c
SHA1 hash:
6cd0bcdcd433cea81f90ecc1bf4e92e9a0d8fde2
Link:
https://www.unpac.me/results/8cc9539e-b933-4f28-9ffe-68c92cac5a54/
SH256 hash:
f65e06c1100da40fbaa4f7bf5ea9f3d750b9ed2ccf548bc2b1eb3e7ed0a7f4c8
MD5 hash:
f7470d5f6a6e9ed052545483babb6dee
SHA1 hash:
f50f39551a6871885fea1544924a78a3babc76a0
Link:
https://www.unpac.me/results/8cc9539e-b933-4f28-9ffe-68c92cac5a54/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f65e06c1100da40fbaa4f7bf5ea9f3d750b9ed2ccf548bc2b1eb3e7ed0a7f4c8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/298611/

Comments