MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33082f1f702c0919efd47a7c935aa3972c90f7f7419c9aa6c87492f57658d403. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 33082f1f702c0919efd47a7c935aa3972c90f7f7419c9aa6c87492f57658d403
SHA3-384 hash: a29c3b034772a36ae8d65187ac7c9e2759303d96ca8e6eaef70ef779493456ffd144855b78abcc873123fe7d35b9e969
SHA1 hash: f978593d538ea3c71ba8ea2b9e14b7351a5b3f97
MD5 hash: 8e3428d6477a1230cd260c62acdb7668
humanhash: five-saturn-high-carpet
File name: load.dll
File size: 525'824 bytes
First seen: 2021-11-13 13:37:29 UTC
Last seen: 2021-11-13 15:52:31 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a4585b02e9865ca7dab7867b81bc3a92
ssdeep: 6144:VGr7Yna6SnW7+z9Dp2m3HUjMH4y6gFxKIiq8ch9/H5WeSYnwxammoP00s579/cku:K2gn48pfGWYgbnga57ZcwDLPWtjl
Threatray: 25 similar samples on MalwareBazaar
TLSH: T17FB4BE8A37590DE9DDEB407DE9A3E301EA6C34A183F484D703A8A5FB4E13791543DA72
Reporter: Anonymous
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 98
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 84 / 100
Signature
Creates an autostart registry key pointing to binary in C:\Windows
Injects a PE file into a foreign processes
Machine Learning detection for sample
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for submitted file
Sigma detected: UNC2452 Process Creation Patterns
Uses cmd line tools excessively to alter registry or file data
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph: (graph image not reproduced; Behavior Graph ID: 521020, Sample: load.dll, Startdate: 13/11/2021, Architecture: WINDOWS, Score: 84)
Signatures attached to the sample node: Multi AV Scanner detection for submitted file; Sigma detected: UNC2452 Process Creation Patterns; Machine Learning detection for sample
Process tree recovered from the graph:
  loaddll64.exe (the sample also directly starts two rundll32.exe instances)
    cmd.exe (Uses ping.exe to sleep; Uses cmd line tools excessively to alter registry or file data; Uses ping.exe to check the status of other devices and networks)
      rundll32.exe
        cmd.exe (Uses ping.exe to sleep)
          rundll32.exe
            cmd.exe
              rundll32.exe (Modifies the context of a thread in another process (thread injection); Injects a PE file into a foreign processes)
                cmd.exe (Uses cmd line tools excessively to alter registry or file data)
                  reg.exe, conhost.exe
                cmd.exe
                  conhost.exe, reg.exe
              conhost.exe, timeout.exe
            cmd.exe (Uses cmd line tools excessively to alter registry or file data)
              reg.exe (Creates an autostart registry key pointing to binary in C:\Windows), conhost.exe
          PING.EXE, contacting 192.0.2.55 (unknown, Reserved)
          conhost.exe
    rundll32.exe (two instances) and 6 other processes
Threat name: Win64.Packed.GenericML
Status: Malicious
First seen: 2021-11-13 02:52:47 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 1/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: 33082f1f702c0919efd47a7c935aa3972c90f7f7419c9aa6c87492f57658d403
MD5 hash: 8e3428d6477a1230cd260c62acdb7668
SHA1 hash: f978593d538ea3c71ba8ea2b9e14b7351a5b3f97
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via e-mail link

Comments