MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec
SHA3-384 hash: a721835a98d5023a438e8e6055943f88c3863a22bcacdb350354c048ee4049d9945aeb93f5db7cb390ac4a474dfa7c04
SHA1 hash: b26cd7a4ca5229e05e51068852539549b3838738
MD5 hash: 8fc868f86ee50172a6135d3a58d3495f
humanhash: ten-sierra-friend-island
File name:SecuriteInfo.com.Win32.Malware-gen.14852.822
Download: download sample
File size:6'767'696 bytes
First seen:2023-12-21 14:19:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7106f7f21b5a6e69fd7cbbc19f3ecd14
ssdeep 98304:oLRKr2ABiBQPGrOr17nGPVzN1iiriD0dbZHX7rYEnpMoC1y5EHuj4QdrwDOuL:oL5ABRPGSrlnGPVH7iDe0EpMoCSeuHG1
TLSH T13D66330CAFCE2AF6D05616B46E138ADD74F3FE6185315652F8ED8B929E03C59BE31102
TrID 27.3% (.SCR) Windows screen saver (13097/50/3)
22.0% (.EXE) Win64 Executable (generic) (10523/12/4)
13.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.4% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon f2b4f6faba8ac0b0
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
282
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Win32.Malware-gen.14852.822
Verdict:
Suspicious activity
Analysis date:
2023-12-21 14:19:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/48aa2260-c35c-4fa3-8d71-554c1f420490

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/468793/
Detection(s):
SecuriteInfo.com.Win32.Malware-gen.14852.822.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
lolbin masquerade overlay packed packed shell32
Link:
https://www.filescan.io/uploads/658449977d4bdb7f8bf9a41c/reports/906d1736-7f5b-4d2d-964b-f7de509f83e1/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/351cc105-8767-41e4-bc8e-c5daf7edf47a
Result
Threat name:
MicroClip
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1365572
Signature
Detected VMProtect packer
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected MicroClip
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1365572 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 21/12/2023 Architecture: WINDOWS Score: 72 25 Multi AV Scanner detection for submitted file 2->25 27 Yara detected MicroClip 2->27 29 Detected VMProtect packer 2->29 8 SecuriteInfo.com.Win32.Malware-gen.14852.822.exe 4 2->8         started        process3 file4 23 C:\ProgramData\pinterests\XRJNZC.exe, PE32 8->23 dropped 31 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 8->31 12 cmd.exe 1 8->12         started        signatures5 process6 process7 14 XRJNZC.exe 3 12->14         started        17 conhost.exe 12->17         started        19 timeout.exe 1 12->19         started        signatures8 33 Multi AV Scanner detection for dropped file 14->33 21 WerFault.exe 21 16 14->21         started        process9
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=736tamepomesyerp4kmscu2px3vgmwodfx6wr7rdjpg3vppy2hwa._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
vmprotect
Link:
https://tria.ge/reports/231221-rneklaafcq/
Behaviour
Creates scheduled task(s)
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
VMProtect packed file
Unpacked files
SH256 hash:
fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec
MD5 hash:
8fc868f86ee50172a6135d3a58d3495f
SHA1 hash:
b26cd7a4ca5229e05e51068852539549b3838738
Detections:
INDICATOR_EXE_Packed_VMProtect
Create hunting rule
Link:
https://www.unpac.me/results/3bc4f357-966c-4cf2-b7af-638e98a67e2c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fefd30308f73092c122fe29921534fbeea6659c32dfd68fe234bcdbabdf8d1ec

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/468793/
  
URLhaus
https://urlhaus.abuse.ch/url/2739592/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2742874/
  
URLhaus
https://urlhaus.abuse.ch/url/2733619/
  
URLhaus
https://urlhaus.abuse.ch/url/2735404/
  
URLhaus
https://urlhaus.abuse.ch/url/2737076/

Comments