MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511
SHA3-384 hash:	751135bebbc94f44acbcfc31ea96db0434725a6b65511ed84e475f6836a6a84616d78922caa8bbb0b5f9723604f5d13c
SHA1 hash:	2b1fe5a12b28bb953e5481f01945e629e741d64f
MD5 hash:	00a2dd02c0173b91704855771eab9096
humanhash:	hamper-uniform-magazine-juliet
File name:	mieqirl.dll
Download:	download sample
File size:	962'048 bytes
First seen:	2020-03-20 20:01:06 UTC
Last seen:	2020-03-20 21:48:43 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	9f389ccb31ebde8c1269363cb6c347de
ssdeep	6144:LT45Z024v0vOYxSGAvZcbhRf0WYpfR+PGc38kKuTd17cUotuPwo5USEWx6xVkYwo:Lbd82Y2veIfRSlstuPUX2
Threatray	38 similar samples on MalwareBazaar
TLSH	3F157A2EA64344DBE7752A34E3E30E03995171D6E8200D4F7E7E9E9C7B646A17C09EC2
Reporter	Racco42
Tags:	dll ZLoader

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.42855728.16808.1820.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Kryptik

Status:

Malicious

First seen:

2020-03-17 18:53:53 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

23 of 31 (74.19%)

Threat level:

2/5

Verdict:

malicious

39599008089755aa7cccb534b2c94ccb537f266018bb67ae3ed4b9f51c0a40b9

7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d

81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f

8d5a770975e52ce1048534372207336f6cc657b43887daa49994e63e8d7f6ce1

bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342

da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

da550540689b015b44a2e03f37c23ed8c8730ccf9cb611490dc76a39782dce2b

e3bcf059f0ad7b1c92462646e135623d3ce75addcd6a0d207b78e2fbfb6dac2d

e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448

+ 28 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

vbs 2bd5348e36ca1bff2da1da38e9e0b2a70399448be740f926ad68d21f0462be03

DLL dll fe6778684fe56f143efd0bfae3e127f0c615f11d47e302e68a9eb1f83f7a6511

(this sample)

Delivery method

Other

Dropped by

SHA256 2bd5348e36ca1bff2da1da38e9e0b2a70399448be740f926ad68d21f0462be03

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	oleacc.dll::DllCanUnloadNow
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample