MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3149e5bba6530fa8acbf36367fd05f0eb2ee98352c2ed59aef316c28f0663d76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3149e5bba6530fa8acbf36367fd05f0eb2ee98352c2ed59aef316c28f0663d76
SHA3-384 hash: e2ef03512b19d8299b32c74823c18f354c1b887af871528f4d3585005733fbc9cf5f0019ed64b75ce2846a8418505b90
SHA1 hash: 000caac77a724fe2fad711c7420c589d37ef7ca4
MD5 hash: 43a95ee1ddadeae9c4ef572605bfca5e
humanhash: lactose-victor-romeo-five
File name:rp0.tif.decode
Download: download sample
File size:55'296 bytes
First seen:2020-10-13 15:43:29 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 768:4lPD5R2Ox+yW18FopoltlQ8DR36PMtv1OZQVvI29eT9sW:2RnnyEYGL368v1oKW
Threatray 358 similar samples on MalwareBazaar
TLSH 13432C4A36897DDEC47A8932BB761ED0D758AD66430BD21F94C726ACD93D483BE003E1
Reporter srcr
Tags:exe


Avatar
srcr
Sample source: http://groups.us.to:69/rp0.tif (base64 decoded)

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70546/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/490019
Signature
.NET source code references suspicious native API functions
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3149e5bba6530fa8acbf36367fd05f0eb2ee98352c2ed59aef316c28f0663d76/
Threat name:
ByteCode-MSIL.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2019-01-31 13:32:29 UTC
File Type:
PE (.Net Dll)
Extracted files:
14
AV detection:
21 of 31 (67.74%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
119d234e1f826adac6d68a614251fb9d1a20a4368102068ea030731372546f3c
162a5aa5e6e0298edbae1a494d2a3e177f0fb42b1c2e35eaecdbe1715d519694
7ab6c1c3a7a17efd178fe8367f86cab68c383d184b2dded8f5504e89e257702b
89c43fa14d007c940ad21716efe6c4ce18b38dc94a8c457138422c93697751b6
940319fc3b9389a58d0684a38e921b2283f06cd7c5f96e357428008ecfbd427e
98f14edea3c84946787d020e97f6b161cae2ed419e458434413626b9893c6f62
bcaa63ef1ed52c23a1a502fb74841dc79dfaa928e9367f22ba4412c0f0aff90e
c5e0aca5108536d030a5ca781ae1610f8868d67082e35bf3ba3123f333dd27a3
dc66eb80a4d03ca5ccedc75ff42840c6c8fe9518d73483bd14e042bd5e466938
ee1c8099b910ee2f0be7f94f201846827bb1f886d14d1ce7ab666d985f56f80f
+ 348 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201013-m2galete4x/
Unpacked files
SH256 hash:
3149e5bba6530fa8acbf36367fd05f0eb2ee98352c2ed59aef316c28f0663d76
MD5 hash:
43a95ee1ddadeae9c4ef572605bfca5e
SHA1 hash:
000caac77a724fe2fad711c7420c589d37ef7ca4
Link:
https://www.unpac.me/results/156be3ef-2ce1-4fd9-b3ce-6775a03f5fe6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3149e5bba6530fa8acbf36367fd05f0eb2ee98352c2ed59aef316c28f0663d76

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/70546/

Comments