MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13028dc671471f58b2f2845a40a75dd3002a8c225a676a42236e320b7edc1d3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 13028dc671471f58b2f2845a40a75dd3002a8c225a676a42236e320b7edc1d3e
SHA3-384 hash: 91d709053865ff666b6d6116d2dfc07a60033ee5ba91b2d2ac99fbb6a4629fd5600300dc827f623b488c897a67da7947
SHA1 hash: 18d0a75e404151ca58fc551d8e280ae9326d6dd3
MD5 hash: 2d509112a7d74a1ad88b428ec15b0e27
humanhash: comet-winter-monkey-william
File name: file
File size: 1'396'736 bytes
First seen: 2023-07-13 14:39:49 UTC
Last seen: 2023-07-20 08:37:33 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 64cdc8bf79afa657b0db88aceaa57868
ssdeep: 24576:COTyX607qIkuZO7nkjfxhJvd2xGOBomFdFMd2h0ZzOo+mmf3RSRBFFlOR:gq07qbbk7xxOBoYFMd2h08og5IFu
TLSH: T16055F116409B4C8BE4B4FBFF7519377880CADBAD99F4B12D1C12AFC42C289E115991AF
TrID:
  45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
  18.3% (.EXE) OS/2 Executable (generic) (2029/13)
  18.0% (.EXE) Generic Win/DOS Executable (2002/3)
  18.0% (.EXE) DOS Executable Generic (2000/1)
Reporter: andretavare5
Tags: dll


andretavare5
Sample downloaded from https://vk.com/doc808950829_664214150?hash=VHuOhHuJu0WZw4Q8sZJ74y6V5tL76wJycF3ZnbH3DnD&dl=4rsRFdYScX9WbsrqzkRHionlzSV684Q8T0Gp4An1Kl0&api=1&no_preview=1#cpl

Intelligence

File Origin
# of uploads: 3
# of downloads: 298
Origin country: US
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: lolbin packed shell32

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Dridex Dropper
Detection: malicious
Classification: evad.bank
Score: 80 / 100
Signature
Dridex dropper found
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph: (image not reproduced)

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2023-07-13 14:40:06 UTC
File Type: PE (Dll)
AV detection: 18 of 24 (75.00%)
Threat level: 5/5
Verdict: malicious

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 13028dc671471f58b2f2845a40a75dd3002a8c225a676a42236e320b7edc1d3e
MD5 hash: 2d509112a7d74a1ad88b428ec15b0e27
SHA1 hash: 18d0a75e404151ca58fc551d8e280ae9326d6dd3
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Dropped by: PrivateLoader
Delivery method: Distributed via drive-by

Comments