MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 389518ac65595ad9138b5dd0185aae851d979d4705d74f191492f002e63438c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 389518ac65595ad9138b5dd0185aae851d979d4705d74f191492f002e63438c5
SHA3-384 hash: ec90e670b257cfa5146157184f8fb90d1999c84d85b99a8c2ba18ace16c431d916a5b88b48b0b115521b4d504edb8983
SHA1 hash: 750f7f89b89bf9d33661e11d18562d2d90b09ac9
MD5 hash: bf318b2d789a5d45c4a5863fbe0ece92
humanhash: oranges-london-steak-hawaii
File name: ChromeUpdate.dll
File size: 634'880 bytes
First seen: 2020-07-22 10:22:03 UTC
Last seen: Never
File type: Executable exe (the file name, the dll tag and the vendor file type below identify the sample as a 64-bit DLL, not a stand-alone executable)
MIME type: application/x-dosexec
imphash: 0fa425869ebc2006b3c9df9817ff2cbc
ssdeep: 12288:dEHp0FzVBmiljNMk25wEjUoBuVP6/vBAtRN0TvTV8pOCv:xMiVNMZ5wEjJVAtRN0TvTapOCv
Threatray: 23 similar samples on MalwareBazaar
TLSH: 20D43B3572E90064E0B3A639DAA34152EBB67E900739C6DF418072AA1F77ED19F39731
Reporter: Jirehlov
Tags: dll
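Before trusting any analysis of a downloaded copy, confirm that the file on disk is the one this record describes. The following script is an added example, not MalwareBazaar's own tooling: it computes the four digests published above with the Python standard library and reports which ones disagree with the record. The imphash, ssdeep and TLSH values are not covered because they need third-party libraries; the file path passed on the command line is an assumption.

```python
import hashlib
import sys

# Digests copied from the MalwareBazaar record above (the sample's published hashes).
RECORD = {
    "sha256": "389518ac65595ad9138b5dd0185aae851d979d4705d74f191492f002e63438c5",
    "sha3_384": "ec90e670b257cfa5146157184f8fb90d1999c84d85b99a8c2ba18ace16c431d9"
                "16a5b88b48b0b115521b4d504edb8983",
    "sha1": "750f7f89b89bf9d33661e11d18562d2d90b09ac9",
    "md5": "bf318b2d789a5d45c4a5863fbe0ece92",
}

# hashlib algorithm names; sha3_384 is available in Python 3.6 and later.
ALGORITHMS = ("sha256", "sha3_384", "sha1", "md5")


def compute_hashes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm in ALGORITHMS."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def compute_file_hashes(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digest a file in chunks so large samples are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_against_record(hashes: dict, record: dict = RECORD) -> list:
    """Return the names of the algorithms whose digest differs from the record.

    An empty list means every published digest matched. A partial mismatch
    (e.g. only md5 disagreeing) is worth investigating: it usually means the
    record was transcribed wrongly, never a collision.
    """
    return [name for name in ALGORITHMS if hashes[name] != record[name].lower()]


if __name__ == "__main__":
    # Hypothetical usage: python verify_sample.py /path/to/ChromeUpdate.dll
    sample_path = sys.argv[1]
    mismatches = verify_against_record(compute_file_hashes(sample_path))
    if mismatches:
        print("MISMATCH on:", ", ".join(mismatches))
        sys.exit(1)
    print("all published digests match the record")
```

MalwareBazaar serves samples inside an archive, so run the check on the unpacked DLL, not on the archive itself; a mismatch on every algorithm almost always means the archive was hashed by mistake.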

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a window
  Unauthorized injection to a system process
  Deleting of the original file
Result
Threat name: Lazarus
Detection: malicious
Classification: spre.troj.evad
Score: 84 / 100
Behaviour (Behavior Graph ID: 249862, Sample: ChromeUpdate.dll, Startdate: 23/07/2020, Architecture: WINDOWS, Score: 84):
  Sample-level signatures: Multi AV Scanner detection for submitted file; Yara detected Lazarus
  loaddll64.exe (started)
    regsvr32.exe (started)
      Signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Creates a thread in another existing process (thread injection); Injects a PE file into a foreign process
      sihost.exe (injected)
        Network: www.threegood.cc 193.34.167.201, port 443 (SNELNL, Netherlands; source ports 49747, 49750)
        Signatures: Deletes itself after installation
        WMIC.exe (started)
          Signatures: Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
          conhost.exe (started)
    cmd.exe (started)
      iexplore.exe (started)
        iexplore.exe (started)
          Network: edge.gycpi.b.yahoodns.net 87.248.118.23, port 443 (YAHOO-DEBDE, United Kingdom; source ports 49754, 49755); pagead.l.doubleclick.net 216.58.215.226, port 443 (GOOGLEUS, United States; source ports 49737, 49738); 17 other IPs or domains
          Dropped files: C:\Users\user\AppData\...\medianet[2].htm (HTML); C:\Users\user\AppData\...\medianet[1].htm (HTML)
          Signatures: Infects executable files (exe, dll, sys, html)
  Note: the iexplore.exe connections go to Yahoo and Google advertising infrastructure and the dropped .htm files sit in the browser cache, which is ordinary browser activity rather than payload behaviour. The indicators worth acting on are the regsvr32.exe thread injection into sihost.exe, the sihost.exe connection to www.threegood.cc (193.34.167.201), the self-deletion and the Win32_NetworkAdapter query issued through WMIC.exe.
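The behaviour chain above (a registration helper creating a remote thread in sihost.exe, the injected sihost.exe resolving www.threegood.cc, and sihost.exe spawning WMIC.exe to enumerate network adapters) maps directly onto host telemetry. The script below is an added example, not part of the MalwareBazaar record or of any vendor's detection content: it runs three rules over a constructed batch of events shaped like Sysmon records (EventID 1 process creation, 8 CreateRemoteThread, 22 DNS query). The event dictionaries, command lines and start address are invented for the demonstration; only the process names, the domain and the IP come from the report above. Including rundll32.exe as a second injection source is an assumption added to cover the sibling loader, not something the report shows.

```python
import ntpath

# Indicators taken from the sandbox report above.
C2_DOMAINS = {"www.threegood.cc"}
C2_IPS = {"193.34.167.201"}
INJECTION_TARGETS = {"sihost.exe"}
# regsvr32.exe is from the report; rundll32.exe is an added assumption.
INJECTION_SOURCES = {"regsvr32.exe", "rundll32.exe"}


def _base(path):
    """Lower-cased file name of a Windows path; ntpath works on any host OS."""
    return ntpath.basename(path or "").lower()


def rule_remote_thread(ev):
    """EventID 8: a DLL loader created a thread inside sihost.exe."""
    return (ev.get("EventID") == 8
            and _base(ev.get("SourceImage")) in INJECTION_SOURCES
            and _base(ev.get("TargetImage")) in INJECTION_TARGETS)


def rule_c2_dns(ev):
    """EventID 22: query for the C2 name, or any name resolving to the C2 IP."""
    if ev.get("EventID") != 22:
        return False
    # Sysmon writes IPv4 answers as ::ffff:a.b.c.d separated by semicolons.
    answers = set()
    for item in ev.get("QueryResults", "").split(";"):
        item = item.strip()
        if item.startswith("::ffff:"):
            item = item[len("::ffff:"):]
        if item:
            answers.add(item)
    return ev.get("QueryName", "").lower() in C2_DOMAINS or bool(answers & C2_IPS)


def rule_wmi_adapter_enum(ev):
    """EventID 1: WMIC.exe querying Win32_NetworkAdapter with sihost.exe as parent.

    sihost.exe is a shell infrastructure host and has no reason to spawn WMIC;
    requiring that parent keeps ordinary administrative WMIC use out of the hits.
    """
    return (ev.get("EventID") == 1
            and _base(ev.get("Image")) == "wmic.exe"
            and "win32_networkadapter" in ev.get("CommandLine", "").lower()
            and _base(ev.get("ParentImage")) in INJECTION_TARGETS)


RULES = {
    "loader_remote_thread_into_sihost": rule_remote_thread,
    "dns_to_known_c2": rule_c2_dns,
    "wmic_adapter_enum_from_sihost": rule_wmi_adapter_enum,
}


def detect(events):
    """Return (rule_name, event_index) for every event that matches a rule."""
    hits = []
    for index, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.append((name, index))
    return hits


# Constructed events modelled on the chain in the report; not real telemetry.
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\regsvr32.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "regsvr32.exe /s ChromeUpdate.dll"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\regsvr32.exe",
     "TargetImage": r"C:\Windows\System32\sihost.exe",
     "StartAddress": "0x00000000027A0000"},
    {"EventID": 22, "Image": r"C:\Windows\System32\sihost.exe",
     "QueryName": "www.threegood.cc", "QueryResults": "::ffff:193.34.167.201;"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wbem\WMIC.exe",
     "ParentImage": r"C:\Windows\System32\sihost.exe",
     "CommandLine": "wmic path Win32_NetworkAdapter get Name,MACAddress"},
    # Benign noise resembling the iexplore.exe traffic in the report.
    {"EventID": 22, "Image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "QueryName": "pagead.l.doubleclick.net", "QueryResults": "::ffff:216.58.215.226;"},
    {"EventID": 8, "SourceImage": r"C:\Windows\System32\csrss.exe",
     "TargetImage": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for name, index in detect(EVENTS):
        print(f"{name}: event {index}")
```

The DNS rule matches on the resolved address as well as the name, so a later sample that rotates the host name but keeps the same server is still caught; the injection rule deliberately keys on the loader rather than the command line, because the DLL name is trivially changed between campaigns.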
Result
Threat name: Win64.Trojan.Lazarus
Status: Malicious
First seen: 2020-07-21 21:00:00 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments