MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8254fb47869f88b6bac32008c47b3aaad33bfa1d15ccf7b09a243aa52476773. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8254fb47869f88b6bac32008c47b3aaad33bfa1d15ccf7b09a243aa52476773
SHA3-384 hash: 676f71531c7ac73fc3393a4bf32e7688b4165a5ecd026cbedd16fb410e5df5856d32223a6a1fff7fc101e0b37ee3f23c
SHA1 hash: 49b396e767ffb869b09d9afeb3aa2c903864b463
MD5 hash: ada3a83cd4773b6a55c21f95ac5b6418
humanhash: fillet-coffee-river-fifteen
File name:SecuriteInfo.com.Win32.PWSX-gen.19916.2719
Download: download sample
File size:34'816 bytes
First seen:2023-08-02 13:31:06 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 969ed979bcbb9cc9e109e354589ac767
ssdeep 768:l1wiCRLQXVuvCS/z5j583KTG94n1Ou5KM2vauZEjxK97n+PL6fhK4rejK18:l1wieOuvCS7BKTxCDcFm2hK4rejD
Threatray 2'380 similar samples on MalwareBazaar
TLSH T181F20B11D6C0ADE6E4FA26FC8B77A52536399D20C34940FF23C12D5E5B286C25E709EB
TrID 30.2% (.EXE) Win64 Executable (generic) (10523/12/4)
18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.9% (.EXE) Win32 Executable (generic) (4505/5/1)
5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Reporter SecuriteInfoCom
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
254
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/439855/
Detection(s):
SecuriteInfo.com.Win32.PWSX-gen.19916.2719.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lolbin masquerade shell32
Link:
https://www.filescan.io/uploads/64ca5ad158785b2ae21872b8/reports/57ae35b9-2210-4d39-975e-e9cfbe98246f/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/f8254fb47869f88b6bac32008c47b3aaad33bfa1d15ccf7b09a243aa52476773
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1e3c356b-3d7a-4c38-bf20-793b993e4df8
Result
Threat name:
NSISDropper
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1284435
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected NSISDropper
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1284435 Sample: SecuriteInfo.com.Win32.PWSX... Startdate: 02/08/2023 Architecture: WINDOWS Score: 60 29 Multi AV Scanner detection for submitted file 2->29 31 Yara detected NSISDropper 2->31 33 Machine Learning detection for sample 2->33 8 loaddll32.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        12 cmd.exe 1 8->12         started        14 rundll32.exe 8->14         started        16 conhost.exe 8->16         started        process5 18 WerFault.exe 2 9 10->18         started        21 rundll32.exe 12->21         started        23 WerFault.exe 9 14->23         started        dnsIp6 27 192.168.2.1 unknown unknown 18->27 25 WerFault.exe 28 12 21->25         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f8254fb47869f88b6bac32008c47b3aaad33bfa1d15ccf7b09a243aa52476773/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2023-08-02 09:11:29 UTC
File Type:
PE (Dll)
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7asu7ndynh4iw25mgiaiyr5tvkwthp5b2fom66yjujb2uushm5zq._file
Verdict:
unknown
Similar samples:
02ef992b9a587c6cdc382995b5dcfff0367554ec581a6fa28d08c70444f9e0d9
10372fcf6428d7349da718054cb7e6025c0c2e16c8e0036eb556591ddc84efba
190090b95e7c9b2410ceb2149bb1c4369550963e56693e331bda3d020a0018e2
1d3537a78980a2e078642e4e0370f71533154d0212ab9984219b78b6191e3c09
27c697b130c816b682bd8329d344371768a95d276d3d9621051f926f77a3315a
4d698a32de4877e432bf6d6af790d86746adb3bd352844451a7505fb3d8b3492
69b78313535ef2b6dc89c71b8c389907e8a02cccb5d9fdee05833d69aac84c0f
d87a34f514868d5c385310bb7fc6b669216288553b57608b81163a425d8067df
eb8e351b8fdaadf5429c19d052428ab81b91170406b937d0f3753e334a757fe3
f3256c298bef3b4070df894a2497eccb7619554966299f2a4c26fcf94b7d541d
+ 2'370 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230802-qsxrasga31/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
f8254fb47869f88b6bac32008c47b3aaad33bfa1d15ccf7b09a243aa52476773
MD5 hash:
ada3a83cd4773b6a55c21f95ac5b6418
SHA1 hash:
49b396e767ffb869b09d9afeb3aa2c903864b463
Link:
https://www.unpac.me/results/8fa154dd-2ae2-454b-97cf-1b95f45fe0e2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f8254fb47869f88b6bac32008c47b3aaad33bfa1d15ccf7b09a243aa52476773

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/439855/

Comments