MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dda31f92fcb8e94899981ba0cc4aa9c6b1a8fea440268092c011636ed95ce1a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: dda31f92fcb8e94899981ba0cc4aa9c6b1a8fea440268092c011636ed95ce1a9
SHA3-384 hash: ce2f989128a7660a482d095fd6a8d8da97bc1e8a8a5dc2e3ded2fa041acc8d9269861cdf189b918414518447d925a757
SHA1 hash: 43af6356677f55f0dafd8c1464fa6cccd7e0de29
MD5 hash: ed8cdf2098c1e36aa52eb70624e6832e
humanhash: black-georgia-earth-bakerloo
File name: 385619_IGZ.msi
File size: 1'046'528 bytes
First seen: 2020-09-01 12:09:26 UTC
Last seen: 2020-09-01 12:34:32 UTC
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 24576:As7FId/5IqVXCWJriAlb2DRMIHBPHofTl6VQU1YwYz/:AsI5IqVXCWJriAlbuLBPHKTl6VQU1YwY
Threatray: 16 similar samples on MalwareBazaar
TLSH: 65259D2076C6C536D5BE05703A6ECB6B5469BE600BB5C4EB63D81E2E1DF18C24232F67
Reporter: JAMESWT_WT
Tags: Downloader Mekotio spy

Intelligence


File Origin
# of uploads: 2
# of downloads: 136
Origin country: n/a

Vendor Threat Intelligence

Threat name: Script-JS.Downloader.BanLoad
Status: Malicious
First seen: 2020-08-31 12:05:07 UTC
File Type: Binary (Archive)
Extracted files: 52
AV detection: 9 of 29 (31.03%)
Threat level: 3/5

Result
Malware family: n/a
Score: 8/10
Tags: macro
Behaviour:
JavaScript code in executable
Suspicious Office macro

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
