MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 17291fc45dc342a6ce4309dd4b77cd094c564fad14c212bca827770daf7207d4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 17291fc45dc342a6ce4309dd4b77cd094c564fad14c212bca827770daf7207d4
SHA3-384 hash: 02c74abd6baffb644f971ea433d7b8c9c640a42dd2b3018c09e46f1f59c31c7f4e2534673856fcfac34d28ff40304a35
SHA1 hash: a03795d657634144187b24971ecbb9e794131eee
MD5 hash: a4e28afc3642a837ca14fcf6719cf97e
humanhash: november-october-magnesium-xray
File name:HVNC.dll
Download: download sample
File size:94'720 bytes
First seen:2023-04-10 06:04:30 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 2be9fd94ed3a0f609abd1ef60299ee92
ssdeep 1536:kS0ZG4UMpzNFj5OKAWmlrYZRJmnPeUsgqzbLMsNOxBznt:kSAbAKAWmqYnPeUstzDMxBzn
Threatray 6 similar samples on MalwareBazaar
TLSH T11A938C15B65192FEF4F6503824EFBB72827A732497680CD3DE9B3E4458026D27B3634A
TrID 45.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.4% (.EXE) Win64 Executable (generic) (10523/12/4)
9.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter lazydaemon
Tags:dll hvnc TA505

Intelligence

File Origin
# of uploads :
1
# of downloads :
271
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/381167/
Detection(s):
SecuriteInfo.com.Variant.Lazy.285674.20904.15057.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
formbook lokibot shell32.dll
Link:
https://www.filescan.io/uploads/6433a70ff0b95b71d79e0023/reports/a9bdc5bd-95bc-4e67-b0a5-93231c22b3d0/overview
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/17291fc45dc342a6ce4309dd4b77cd094c564fad14c212bca827770daf7207d4
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4be0aa6d-92eb-4d4f-87d4-bcc21904b1a4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1211012
Signature
Contains functionality to modify clipboard data
Found evasive API chain (may stop execution after checking computer name)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 843928 Sample: HVNC.dll Startdate: 10/04/2023 Architecture: WINDOWS Score: 64 23 Multi AV Scanner detection for submitted file 2->23 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 1 7->9         started        13 rundll32.exe 7->13         started        15 cmd.exe 1 7->15         started        17 conhost.exe 7->17         started        dnsIp5 21 64.52.80.210, 443, 49697, 49698 WINDSTREAMUS United States 9->21 25 Found evasive API chain (may stop execution after checking computer name) 9->25 27 Contains functionality to modify clipboard data 9->27 29 System process connects to network (likely due to code injection or exploit) 13->29 19 rundll32.exe 15->19         started        signatures6 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/17291fc45dc342a6ce4309dd4b77cd094c564fad14c212bca827770daf7207d4/
Threat name:
Win32.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2023-04-10 06:05:07 UTC
File Type:
PE (Dll)
AV detection:
15 of 24 (62.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c4ur7rc5ynbkntsdbhouw56nbfgfmt5nctbbfpfie53q3l3sa7ka._file
Verdict:
malicious
Similar samples:
1560ff3abacb50dc796f76eada2f8d8c020fa3e4a1f57b806029f44fca5682ae
5579d51b343f1b16ee7f6533f18e7d513c90a330500b68a48541e891258cc8ff
7e0e7def3be7f9bc7793bf155935d16a9db631dd99b71ab51295338315129cce
caaea7ec83956a823420a78dec430fddb5db65d9fa4bc6555659b9b0c05c817a
e14ee6302076a2bb9e5634407500757319d5de9c45305ec6269120b7283b24cf
e4edb4cc8f35c7bab6e89774a279593d492714fce9865e53879f87d3704ad96c
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230410-gs6vjahd4s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
Blocklisted process makes network request
Unpacked files
SH256 hash:
17291fc45dc342a6ce4309dd4b77cd094c564fad14c212bca827770daf7207d4
MD5 hash:
a4e28afc3642a837ca14fcf6719cf97e
SHA1 hash:
a03795d657634144187b24971ecbb9e794131eee
Link:
https://www.unpac.me/results/a984ea09-0b4d-4798-b748-4b36f0ee78f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/17291fc45dc342a6ce4309dd4b77cd094c564fad14c212bca827770daf7207d4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/lazy_daemon/status/1645156714688200708
Cape
Cape
https://www.capesandbox.com/analysis/381167/

Comments