MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SVCReady

Vendor detections: 9

Intelligence 9 IOCs YARA 5 File information Comments

SHA256 hash:	f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6
SHA3-384 hash:	b3abfd48c3af38b11b89a4e39bd0213ea1ee3f59e1648ebca5c2ac1b552a8e7961852fefe84a8ece406c5725f8d220b9
SHA1 hash:	227ac19bdf420f3a419d0b9a35f02c02b685324f
MD5 hash:	bc728989674865a198aa7ec34a4eac10
humanhash:	indigo-hot-hamper-jersey
File name:	SOGR6zUe.cNU
Download:	download sample
Signature	SVCReady Create hunting rule
File size:	845'258 bytes
First seen:	2022-07-11 21:26:58 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	0b3b7f6d2892e7c9acd3a5c094399d60 (1 x SVCReady)
ssdeep	12288:HwttaCl/YfvUmUNWbawXGvOdUg5/bheL+mQ7WT68aGZsx5T1b2ZuzqdGMbG8:6g1fvKmXJNXlWTWYspCZuzq4MbG8
Threatray	163 similar samples on MalwareBazaar
TLSH	T10D05D023A3C78CA3D472493C0367E37731B5A026EF578F7AA651B4260B139D19F9A361
TrID	33.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 21.3% (.EXE) Win64 Executable (generic) (10523/12/4) 13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 10.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.1% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	N3utralZ0ne
Tags:	dll SVCReady

Intelligence

File Origin

# of uploads :

# of downloads :

303

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/286389/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for the window

Сreating synchronization primitives

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-debug overlay packed spyeye

Link:

https://www.filescan.io/uploads/62cc95e57d5b150059f58d78/reports/86013170-2efb-4315-bfba-48f9d605cffc/overview

Result

Verdict:

UNKNOWN

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9a96530c-a35e-4412-a38e-7ded7b0b79a1

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6/

Threat name:

Win32.Trojan.Emotet

Status:

Malicious

First seen:

2022-07-11 21:27:08 UTC

File Type:

PE (Dll)

AV detection:

22 of 26 (84.62%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=62iaohstssvhn4kofnollt5rlxsr22e62uqt5hhyxey2m4q2chda._file

Verdict:

malicious

SVCReady

1626dd76e3b8741e53c209beeda4431d318911dc2ee65da0a352a6b53c80a1d4

SVCReady

1c7c61a2c3c460d9cdf1fa23ff8a430c3c7b7382cf7428fc1609a23a00a7b74d

SVCReady

1dc652ce6616a4dc16dc065ab189eb0f365d02c1d1ec45a5875c41ff98b24753

SVCReady

48195f6a4343fb133da1fbca2ce7e8494ff6b5af88d813c8f61922952f55859f

SVCReady

71bc707f557a7f7470219611c8525f11d96d1b4abdbd64d715aeeb323bcf0288

SVCReady

dd997b080916cb253cdbc957ae129e1ca236e12b3328b69519d2ce9c5b071bc3

SVCReady

+ 153 additional samples on MalwareBazaar

Result

Malware family:

svcready

Score:

10/10

Tags:

family:svcready loader

Link:

https://tria.ge/reports/220711-1aqv5schdl/

Behaviour

Suspicious use of WriteProcessMemory

Detects SVCReady loader

SVCReady

Unpacked files

SH256 hash:

f61aca7fadecfcb302747ed0e43084c0716fb5a71a771d1dee16b3a2395dd091

MD5 hash:

d037c2510febaaea2d78d459c5fc1a24

SHA1 hash:

0030460b45658e4013f8b2392638953f812dee40

Detections:

win_svcready_w0

win_svcready_a0

Link:

https://www.unpac.me/results/5e0a294f-3aab-480c-bd3a-b33e6d5651ce/

SH256 hash:

f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6

MD5 hash:

bc728989674865a198aa7ec34a4eac10

SHA1 hash:

227ac19bdf420f3a419d0b9a35f02c02b685324f

Link:

https://www.unpac.me/results/5e0a294f-3aab-480c-bd3a-b33e6d5651ce/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.96

Link:

https://yomi.yoroi.company/submissions/f690071e5394aa76f14e2b5cb5cfb15de51d689ed5213e9cf8b931a6721a11c6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	crime_win32_svcready_loader_unpacked Create hunting rule
Author:	Rony (@r0ny_123)

Rule name:	simp_dll_svcready Create hunting rule
Author:	@stoerchl
Description:	SVCReadyLoader DLL

Rule name:	svcready_bin Create hunting rule
Author:	James_inthe_box
Description:	SVCReady
Reference:	f690f484c1883571a8bbf19313025a1264d3e10f570380f7aca3cc92135e1d2e

Rule name:	SVCReady_Packed Create hunting rule
Author:	Andre Gironda
Description:	packed SVCReady / win.svcready

Rule name:	win_svcready_w0 Create hunting rule
Author:	@AndreGironda
Description:	packed SVCReady / win.svcready

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/286389/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample