YARAify Scan Results
You are viewing the YARAify database entry for the file with the SHA256 hash 369e4235d8a6df84953479f4e00307b483f9559b54b86598867b3a43897e3b48.
Scan Results
| SHA256 hash: | 369e4235d8a6df84953479f4e00307b483f9559b54b86598867b3a43897e3b48 |
|---|---|
| File size: | 113'956 bytes |
| MIME type: | application/x-dosexec |
| MD5 hash: | bcca1d0ca49fc402d6f2f1b8bb4d2f65 |
| SHA1 hash: | febf3e796aa1070ac8bd63f3a68a948bb59b96bf |
| SHA3-384 hash: | 4f7457e1f667c506e3a81476d6ba6914da0f0267ad030126fdd0db26fdd00ad16486cfded1f86c34dff0b3f3cf555d89 |
| First seen: | 2022-11-24 19:55:40 UTC |
| Last seen: | Never |
| Sightings: | 1 |
| imphash: | 6ffb494af16c40c0c89aac63ec6fdf35 |
| ssdeep: | 3072:3hzYTGWVvJ8f2v1TbPzuMsIFS+NThy+JP/PIYrAM6t5w:3hzOv2fM13jsIFS+NT7P/PIsAjjw |
| TLSH: | T1C3B3E913B64AD0F3E46552F146425B32CEBCBC3237196233D3CFD5429E79486D862EAA |
| telfhash: | n/a |
| gimphash: | n/a |
| dhash icon: | n/a |
Tasks
There is 1 task on YARAify for this particular file. The 10 most recent ones are shown below.
Task Information
| Task ID: | f8e10f83-6c31-11ed-a71a-42010aa4000b |
|---|---|
| File name: | 400000.sbietrcl.exe |
| Task parameter: ClamAV scan | True |
| Task parameter: Unpack | False |
| Task parameter: Share file | True |
ClamAV Results
The file matched the following open source and commercial ClamAV rules.
| Signature |
|---|
| Win.Malware.Azden-7587127-0 |
| Win.Malware.Rescoms-6598304-0 |
| Win.Malware.Zusy-6832224-0 |
YARA Results
Static Analysis
The following YARA rules matched on the file (static analysis).
| Rule name | Author | Description | TLP | Repository |
|---|---|---|---|---|
| command_and_control | CD_R0M_ | This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group | TLP:WHITE | CD-R0M |
| INDICATOR_SUSPICIOUS_EXE_UACBypass_EventViewer | ditekSHen | detects Windows executables potentially bypassing UAC using eventvwr.exe | TLP:WHITE | diˈtekSHən |
| malware_Remcos_strings | JPCERT/CC Incident Response Group | detect Remcos in memory | TLP:WHITE | JPCERTCC |
| Remcos | kevoreilly | Remcos Payload | TLP:WHITE | CAPE |
| remcos_rat | jeFF0Falltrades | | TLP:WHITE | jeFF0Falltrades |
| REMCOS_RAT_variants | | | TLP:WHITE | |
| win_remcos_auto | Felix Bilstein - yara-signator at cocacoding dot com | Detects win.remcos. | TLP:WHITE | Malpedia |
| classified | classified | | TLP:GREEN | |
Unpacker
The following YARA rules matched on the unpacked file.
Disabled by submitter
Unpacked Files
The following files could be unpacked from this sample.
Disabled by submitter