MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9ba39cc36ba8dd4cfb3f461e834660d55f12f76c8696dd04244db1e9db87051. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 6

SHA256 hash: f9ba39cc36ba8dd4cfb3f461e834660d55f12f76c8696dd04244db1e9db87051
SHA3-384 hash: 859c964b0002a33bcceded70b24445e7f53306c60265113a890cf2e8b260f2c398d66a5a31e845a731953fe42ec88368
SHA1 hash: 6e33e3ac6a1d1f0949b1426275b76e7dfe21db72
MD5 hash: 83ef95311d217e5156a2ac79ebfb9e1d
humanhash: india-hot-triple-sink
File name: SecuriteInfo.com.Trojan.MulDrop24.57126.22451.19833
File size: 2'651'536 bytes
First seen: 2024-01-27 04:25:51 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 0ae9e38912ff6bd742a1b9e5c003576a (10 x DCRat, 7 x RedLineStealer, 4 x AsyncRAT)
ssdeep: 49152:qILEUZJ9W8furgfV3IbrrTbx8HvfGwlEPNIuPK2nVgTJpltBLr:qWW8fuUd3IbZ8HvOwCO2nVgTJplfL
TLSH: T1C4C523027AC184F1C4772D336938AF11B5797C311F699ADBA3E46A8DDE221C0CB36766
TrID: 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
      3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
      2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
      1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter: SecuriteInfoCom
Tags: exe signed

Code Signing Certificate

Organisation: Bitsum LLC
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2023-02-07T00:00:00Z
Valid to: 2025-03-08T23:59:59Z
Serial number: 0b494d7df02097107b9065025133fe92
Intelligence: 27 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint algorithm: SHA256
Thumbprint: b309179e6516e33d374264683b0751db5f23b09e625ff0b6a4163df28051d08c
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 318
Origin country: FR

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a window
Searching for the window
Creating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
Sending a custom TCP request
Enabling autorun by creating a file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: evad
Score: 16 / 100
Behaviour
Behavior Graph: n/a
Verdict: unknown

Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name: maldoc_find_kernel32_base_method_1
Author: Didier Stevens (https://DidierStevens.com)
Rule name: PE_Digital_Certificate
Author: albertzsigovits
Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits
Rule name: RIPEMD160_Constants
Author: phoul (@phoul)
Description: Look for RIPEMD-160 constants
Rule name: SelfExtractingRAR
Author: Xavier Mertens
Description: Detects an SFX archive with automatic script execution
Rule name: SHA1_Constants
Author: phoul (@phoul)
Description: Look for SHA1 constants

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments