MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ff9a5eda0ae6d5dffa71c02b0a4f96e07f62365db68ba7ab74e53a512e77fabf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ff9a5eda0ae6d5dffa71c02b0a4f96e07f62365db68ba7ab74e53a512e77fabf
SHA3-384 hash: 82d5cb70cc07991d597bb835cbe2b66c58183c9e4cdc3e9de2571567ab15ea81fef1acccf9f5e4d3eb6f6b27d88997d2
SHA1 hash: 54030de2a3bdb246c81db1ef7e6b7c806c119bc7
MD5 hash: be999c0ad76e312f6a29240f7de8a658
humanhash: april-georgia-five-undress
File name:SecuriteInfo.com.StaticAI-SuspiciousPE.11310.20913
Download: download sample
File size:1'790'166 bytes
First seen:2022-08-11 21:31:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a594319a0d69dbc452e748bcf05892e (21 x ParallaxRAT, 20 x Gh0stRAT, 15 x NetSupport)
ssdeep 24576:Z4nXu/QSDTV+Bnvu8tGJJVzs8/ChOPKIvwVg7NWOhoO0Mx1dkWo9AkA:ZqeNVZJ/fKhlIoiVFndkq1
Threatray 403 similar samples on MalwareBazaar
TLSH T13A85BE3FB268653ED4AA0B3245B392705A7BBA61A85A8C1F17F0090DCF765701F3FA15
TrID 61.8% (.EXE) Inno Setup installer (109740/4/30)
23.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
5.9% (.EXE) Win64 Executable (generic) (10523/12/4)
2.5% (.EXE) Win32 Executable (generic) (4505/5/1)
1.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
File icon (PE):PE icon
dhash icon f8dccc9cd6dcc0c0
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
328
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.StaticAI-SuspiciousPE.11310.20913
Verdict:
Malicious activity
Analysis date:
2022-08-11 21:32:04 UTC
Tags:
installer
Link:
https://app.any.run/tasks/3c840c50-1beb-4af0-90c3-ba090c2d7240

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/298098/
Detection(s):
PUA.Win.Packer.Exe-6
Create hunting rule

SecuriteInfo.com.StaticAI-SuspiciousPE.11310.20913.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Searching for the window
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/28732/overview
Behaviour
MalwareBazaar
CheckNumberOfProcessor
CheckCmdLine
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed setupapi.dll shell32.dll
Link:
https://www.filescan.io/uploads/62f57554fae2a3f517bcf455/reports/f59971de-bda3-494f-b83f-c6ecb05add0e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/838fc15d-d58c-4c2b-b198-ff86cae41aee
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
28 / 100
Link:
https://www.joesandbox.com/analysis/1050254
Signature
Found API chain indicative of debugger detection
Multi AV Scanner detection for submitted file
Obfuscated command line found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ff9a5eda0ae6d5dffa71c02b0a4f96e07f62365db68ba7ab74e53a512e77fabf/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=76nf5wqk43k576tryavqut4w4b7wens5w2f2pk3u4u5fcltx7k7q._file
Verdict:
unknown
Similar samples:
258029045d72eb7fe738dce1df886a17c9d3ee81d6a8f8d7d2ff532ee199cc0e
3e99b59df79d1ab9ff7386e209d9135192661042bcdf44dde85ff4687ff57d01
3f947f5a849f11be9079a5c2418240e2faf7e53b63662c85b92fad8f47ea4d09
a1a9137dea275aa805e5640f6450366dbf6e10be066e5c12c34904e45e469c4c
d3c5e10462110b2ac5f825e7834e857ff7b75639acaf1c46448d401b0765d212
f16630378ba5cd07f2e131f3afa483c6f722406702d9201450c3be17f8b1081e
+ 393 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220811-1dk43afad8/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
44f0d8bd35301ad35b43fd014fa9892f9f6dc2a20081b39da337d33036106ef8
MD5 hash:
7190bf85c5e29a3cdba408d802cb5025
SHA1 hash:
7609b6013582cd7ca3d3b74dd8f6a2b6e8fd87f3
Link:
https://www.unpac.me/results/0db492de-eadb-4038-92f8-590f10e33597/
SH256 hash:
0358dccfb3adb16d5cc13f044b7afb50396a9c21e02eb26745b57aa8abbcbf97
MD5 hash:
61f636251780ef0f7fa54d3f9a89eebd
SHA1 hash:
3979efc0e7f519b84d7027742205f01051df158b
Link:
https://www.unpac.me/results/0db492de-eadb-4038-92f8-590f10e33597/
SH256 hash:
ff9a5eda0ae6d5dffa71c02b0a4f96e07f62365db68ba7ab74e53a512e77fabf
MD5 hash:
be999c0ad76e312f6a29240f7de8a658
SHA1 hash:
54030de2a3bdb246c81db1ef7e6b7c806c119bc7
Link:
https://www.unpac.me/results/0db492de-eadb-4038-92f8-590f10e33597/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ff9a5eda0ae6d5dffa71c02b0a4f96e07f62365db68ba7ab74e53a512e77fabf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/298098/

Comments