MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0ebe768edc09653b23de3b9779d08fd1f4c3cace7c3386bbea405248e0708d6d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Lazarus


Vendor detections: 2



SHA256 hash: 0ebe768edc09653b23de3b9779d08fd1f4c3cace7c3386bbea405248e0708d6d
SHA3-384 hash: 24d6e440dcf1c052f669813a7d20553a80124e9cc5d83f91f3727947028d337c8f50b2335e5465224f109790d36000c6
SHA1 hash: ae4607c76c056bf04d691ec38fef9be481236fdb
MD5 hash: 4008f5c3cd5221798c76abba9a267faa
humanhash: seventeen-oranges-failed-saturn
File name: desktop
Signature: Lazarus
File size: 614'400 bytes
First seen: 2020-06-10 15:00:43 UTC
Last seen: 2020-06-10 16:08:20 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 6db8f52d34e707ea8ce246e337afd54a (2 x Lazarus)
ssdeep: 12288:bzahEocgoOYtecmNFystKJDX9Dcj3JldcjNGwPq:H4mmnStRj7
Threatray: 24 similar samples on MalwareBazaar
TLSH: 76D45C119312C436FF93D137869AC7A65B7E5638931381DF29E06AB4B8322F3963D613
Reporter: JAMESWT_WT
Tags: Lazarus

Intelligence


File Origin
# of uploads: 2
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Casdet
Status: Malicious
First seen: 2020-06-10 15:02:06 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
