MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2fa62a937c51c1fd39663f04df2096b16b4cf2baf22684374acd5d2ba5d62962. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Parite


Vendor detections: 9



SHA256 hash: 2fa62a937c51c1fd39663f04df2096b16b4cf2baf22684374acd5d2ba5d62962
SHA3-384 hash: 057139709db0dd16760744b27b57756b3cfa5632d773915eaa72e51f68c0abfc364d70f92ed9765d0f42c546fd31efcc
SHA1 hash: 001cbe80a2231296ad0f24495e6907d16a6bb0ed
MD5 hash: c8701d27206dc29803df18b5e19743d7
humanhash: carolina-romeo-arizona-sixteen
File name: PARITE.dll
Signature: Parite
File size: 176'128 bytes
First seen: 2022-04-15 19:55:43 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: b81cc5b076e5d6fa5021192ec1a84afd (1 x Parite)
ssdeep: 3072:z7XAA0vXXGNOrw/MpcjtcKZkjXlDA5PtuO6o0BZ2gBM3/7juNyfMFS:HAAiXXHcpcBXRBO6oiZyiNyfgS
Threatray: 3 similar samples on MalwareBazaar
TLSH: T1D80413AF187D636DCF0510B2FB73B543AD47C89877D3B3D2802A7B26666A1114A15BF0
TrID:
  56.8% (.EXE) Win32 EXE Yoda's Crypter (26569/9/4)
  14.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  9.6% (.EXE) Win32 Executable (generic) (4505/5/1)
  6.4% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
  4.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter: adm1n_usa32
Tags: dll, Parite

Intelligence


File Origin
# of uploads: 1
# of downloads: 266
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating synchronization primitives
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph: ID 610013; sample PARITE.dll; start date 15/04/2022; architecture WINDOWS; score 68. Process tree: loaddll32.exe started several rundll32.exe processes, which in turn started WerFault.exe.
Threat name: Win32.Virus.Parite
Status: Malicious
First seen: 2022-04-07 21:00:00 UTC
File Type: PE (Dll)
Extracted files: 8
AV detection: 38 of 41 (92.68%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 2fa62a937c51c1fd39663f04df2096b16b4cf2baf22684374acd5d2ba5d62962
MD5 hash: c8701d27206dc29803df18b5e19743d7
SHA1 hash: 001cbe80a2231296ad0f24495e6907d16a6bb0ed
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments