MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d4f2d354fd2aca85b2719d749eb88c1f444309ae27f3824f0faac8bdbfa4249. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TA505


Vendor detections: 4



SHA256 hash: 0d4f2d354fd2aca85b2719d749eb88c1f444309ae27f3824f0faac8bdbfa4249
SHA3-384 hash: afbe29399c9a657e450644667ea9d2f5c37af75d586989ad3fc9c4042226e7b140252b78353e92799ff954711af568ed
SHA1 hash: 23fdc989fe88503d17097ae999009b8b91fe71fe
MD5 hash: aab2a9f4fb16c677171f54865f5718c1
humanhash: seventeen-happy-nine-april
File name: libConfig1.bin
Signature: TA505
File size: 325'120 bytes
First seen: 2020-06-29 12:06:17 UTC
Last seen: 2020-06-29 13:12:45 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 5987ad333df58a5c95b90d15601f3e98 (1 x TA505)
ssdeep: 6144:MBU7nA9MDEd4qfzuq/kBTTipLi2ITIvFcuC9qwvJntSmuVXMnEWH:XA92at6Gwupi2He9q44muJ/WH
Threatray: 58 similar samples on MalwareBazaar
TLSH: 4D64F1241D5186BAF4F8063825E70FD442B05DB93FA4E4930BC429D1BD62A67782F7BB
Reporter: JAMESWT_WT
Tags: 32b dll TA505

Intelligence


File Origin
# of uploads: 2
# of downloads: 894
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.GraceWire
Status: Malicious
First seen: 2020-06-29 12:08:05 UTC
File Type: PE (Dll)
AV detection: 36 of 48 (75.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: evasion spyware trojan

Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
