MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d07b32a7e2d4cc14cdd24795e40c66aa4253f8fdd810ba43ac33e2ae2107c0b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Valak


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1d07b32a7e2d4cc14cdd24795e40c66aa4253f8fdd810ba43ac33e2ae2107c0b
SHA3-384 hash: eae0da79cc349a00d318feefc3ab4f26b65dc2caf13ea57d1ae91b98104a90fbe7e0c7ccaf898b74b6428f3bf186b599
SHA1 hash: 2f37f11e26b60b4b7b7ac3fb54093c15af639840
MD5 hash: c94194485cd6ee22cd5b71f1418a8c78
humanhash: high-low-seven-item
File name:Valak (6).cab
Download: download sample
Signature Valak
Create hunting rule
File size:294'912 bytes
First seen:2020-06-09 18:36:31 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 196e503cd8139470d1372c7b52f7b869 (8 x Valak, 2 x Gozi)
ssdeep 6144:TfFdSOEHc3c438nZS8sFlAn3b963RQz4RDko8PVV6FU2obB2Bf:zFFE83cnZrsfsr96WEkLT6Fsd2Bf
Threatray 617 similar samples on MalwareBazaar
TLSH 5B54D0D13680A1B0E15F893D9030E17282BDBC51AF10DD96B7C606BB2E364F69E55FA3
Reporter JAMESWT_WT
Tags:Valak

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'851
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.PrivateExeProte-11
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Worm.Cridex
Create hunting rule
Status:
Malicious
First seen:
2020-06-09 18:38:07 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
24 of 31 (77.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=dud3gkt6fvgmctg5er4v4qggnksckp4p3waqxjb2ym7cvyqqpqfq._file
Verdict:
malicious
Label(s):
gozi
Create hunting rule
Similar samples:
093f26aaf7be729722ab6cb2702a093c8fb299d719ebbfc5ac9615e249de613d
Valak
09f9d0b09945af8d89176503973dac5904cb109faeb369456767273f6ad020f7
Valak
4c9358b1b8b94ee6cc0142aef62a24507e44985d61c85b041f3e337021ac4488
Valak
7c595d596ff5d190ebc057e41424a433e592d3f894fb913e7722eda0cba3913d
Valak
a0a2a5c5de14959481b9469a5dc41e5a24bf9d9e4670ff22e2b30d9c5235bf5e
Valak
ab3b49d2f76c579accf730ad4d9cb36184f3a28eb6921ff397cad82f0af5691f
Valak
b1e5983b2cb7e5b79e15dfbf0c2264f590910cec07c3bf7696b85c89160602f5
Valak
d656774897240bb30faada488a1f2fe89a4bb36421bf07cea3accfb83a13efd1
Valak
e12b6f01fcb11b26875c325bc928a86f89c0f184d19917a3a4fc65fa6ec4a588
Valak
e4093649633b05316196a275bd0845829d0e9a63a78943977f96770b3e74a7f1
Valak
+ 607 additional samples on MalwareBazaar
Result
Malware family:
valak
Create hunting rule
Score:
  10/10
Tags:
family:valak Loader
Link:
https://tria.ge/reports/201109-g1kpwefltx/
Behaviour
Suspicious use of WriteProcessMemory
JavaScript code in executable
Valak
Valak JavaScript Loader
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments