MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 881941ea24e92f4bd4d69d79e27ce1d2b10094172cb3cc93b223daf70ef2d867. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	881941ea24e92f4bd4d69d79e27ce1d2b10094172cb3cc93b223daf70ef2d867
SHA3-384 hash:	1446b4492812707b197d3647961cb634c32a6b16f3caea273a5cfb54d549dd4ea021e941fcc2b9675a9a64bc1dff1353
SHA1 hash:	f992abe8a67120667a01b88cd5bf11ca39d491a0
MD5 hash:	ff8c3f362d7c9b9a19cfa09b4b3cfc75
humanhash:	moon-football-west-zulu
File name:	iec56w4ibovnb4wc.onion_Library__Turla__TurlaDropper.bin.malw
Download:	download sample
File size:	559'616 bytes
First seen:	2020-03-18 23:11:11 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	05cb4e6d3d97087700002cadc74908c5
ssdeep	12288:AHfkUhHdITWwBdivNoj6XhgjiknnDNYVUg056sV:A/J9ITFBGoWWjlnJYVUgc6
Threatray	21 similar samples on MalwareBazaar
TLSH	39C4E101739CC8F2E4131430529A6D729D7ABC31AA7FD40BFF824A6E5964BD0EA25F47
Reporter	ov3rflow1
Tags:	malw

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/5125/

Detection(s):

Win.Trojan.Turla-6657713-1

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Trojan.Turla

Status:

Malicious

First seen:

2017-03-22 03:48:01 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

42 of 48 (87.50%)

Threat level:

5/5

Verdict:

malicious

17ddc83d49b6cd1d511e8c5498c44d8b4bdbbb69b13011a180f8bded117ff2f7

455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb

6a9bc3a1eb4f814af952f27066b70136b9cd7ad980f705dad5bc91b697888b5f

92714bd064db14df090e83922023d6ebc0e515909e223e9277a35c570b0a36e0

a2322a27796d9f34f31d819e417d4eba3d1463ecb81b4b7aa1791812aed28a63

b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706

ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136

e7f1b2d2601e9a6427a155a3599614c09c9edaae7eb8f10b81e1f3e117717157

e869c8e7f61d4f49d357d02179ed557e466b1d66ce6993faddbc23d5992ff59b

+ 11 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/881941ea24e92f4bd4d69d79e27ce1d2b10094172cb3cc93b223daf70ef2d867

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Cape

https://www.capesandbox.com/analysis/5125/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::LoadLibraryA KERNEL32.dll::LoadLibraryW KERNEL32.dll::GetStartupInfoA KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_API	Can Execute other programs	KERNEL32.dll::WriteConsoleA KERNEL32.dll::WriteConsoleW KERNEL32.dll::SetStdHandle KERNEL32.dll::GetConsoleCP KERNEL32.dll::GetConsoleMode KERNEL32.dll::GetConsoleOutputCP
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CreateFileA KERNEL32.dll::GetSystemDirectoryA KERNEL32.dll::GetFileAttributesW
WIN_BASE_USER_API	Retrieves Account Information	ADVAPI32.dll::GetUserNameA
WIN_USER_API	Performs GUI Actions	USER32.dll::CreateWindowExA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample