MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd
SHA3-384 hash: 11d89650f2594a5b64cde6f55e28ca9e80d5f719fbe570933914bde31743bfd3b3edf0d74e125ffa168c814b54f6433b
SHA1 hash: 083dcf2c765df863ee34353559a885357628e145
MD5 hash: 696ea26bda4b0fab70aa35315aa89149
humanhash: muppet-alanine-alanine-october
File name:696ea26bda4b0fab70aa35315aa89149
Download: download sample
File size:3'465'216 bytes
First seen:2022-07-14 06:58:28 UTC
Last seen:2022-07-14 09:27:18 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 32c00243248766c78e518933e661bd05
ssdeep 49152:AGtlquqIU6iiuJQu8FBL63eNOB0G5/GW9DoAPq4E7XGcvfzEAOAnE9ciPINrRTp:J+iBW3eNOBhi5WfAOJiPNr
Threatray 6 similar samples on MalwareBazaar
TLSH T11CF5AE52A3A400E8D9B7C13CC9568627E7F2B85513B09BDB06B4C6790F23BE16E3E751
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter openctibr
Tags:exe OpenCTI.BR Sandboxed

Intelligence

File Origin
# of uploads :
2
# of downloads :
159
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/288675/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Running batch commands
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/62cfbf098dab2096b997f2d3/reports/48d61492-548d-4ac3-a97c-68f312d0fdc8/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1031590
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd/
Threat name:
Win64.Trojan.Lazy
Create hunting rule
Status:
Malicious
First seen:
2022-06-19 05:26:37 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
16 of 41 (39.02%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dnrgpgt52vk6ywr4rxigigt3hsm4cetdutz5rjgck2lfxxdv5s6q._file
Verdict:
malicious
Similar samples:
36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
61f1194b2b3a4dc3b4861a5a61c8dc58bce93a0ad0b18f61c8d66dbdbc04972c
73e926ed57eae4d7da49906fc5a8a0cc9507c5e3481e1146be98aaa1514773fc
afa9cfebde15f911aa345d129893fa0efcff73cb3b19fcd1ff39a252f7ac9496
dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09
fb2604c4774fabb3c38cdaa40c46cde673cb98ac2bd58c46fc9a447849aaffb7
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220714-hr4t8abcdp/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd
MD5 hash:
696ea26bda4b0fab70aa35315aa89149
SHA1 hash:
083dcf2c765df863ee34353559a885357628e145
Link:
https://www.unpac.me/results/7a2d2304-4eae-4734-9070-349b5e62fd31/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1b62679a7dd555ec5a3c8dd0641a7b3c99c11263a4f3d8a4c256965bdc75ecbd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2234173/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/288675/

Comments