MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0967d2f122a797661c90bc4fc00d23b4a29f66129611b4aa76f62d8a15854d36. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Lazarus


Vendor detections: 2


Intelligence 2 IOCs YARA 2 File information Comments

SHA256 hash: 0967d2f122a797661c90bc4fc00d23b4a29f66129611b4aa76f62d8a15854d36
SHA3-384 hash: 0c89450cccb72971af0a42af3d942deae5d608bd4efed2fb6f188ca4752ae8f1a4d1e876a86c13386a230a9729f46167
SHA1 hash: 514263acf79aeb49d87192ae08f6c76854cdda12
MD5 hash: 46b3061fe981d0a5edfd8d55f75adf9f
humanhash: echo-charlie-spaghetti-social
File name:46b3061fe981d0a5edfd8d55f75adf9f
Download: download sample
Signature Lazarus
File size:1'286'144 bytes
First seen:2021-02-18 01:21:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e0f869ddf0b356ab31c5676591e890ed (1 x Lazarus)
ssdeep 24576:fnrKym9OWCy0frP+1obeVbK8KW/TJ9+FCPjjcym8MUml:fnrKb9OWCy0q1obeVbPKW/TKcjlmhUml
TLSH 4055390A6270C1A8F1E699B9CA1685F3F3B13C90C7606FDB56907E157F33AD11BB9620
Reporter c3rb3ru5d3d53c2
Tags:Lazarus

Intelligence


File Origin
# of uploads :
1
# of downloads :
147
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
2 / 100
Behaviour
Behavior Graph:
n/a
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files
SH256 hash:
0967d2f122a797661c90bc4fc00d23b4a29f66129611b4aa76f62d8a15854d36
MD5 hash:
46b3061fe981d0a5edfd8d55f75adf9f
SHA1 hash:
514263acf79aeb49d87192ae08f6c76854cdda12
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Ping_Del_method_bin_mem
Author:James_inthe_box
Description:cmd ping IP nul del
Rule name:with_sqlite
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments