MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38f718205cc8a5fe8fe640cf216b53739342248d16716ceb5181ca5e1683c133. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38f718205cc8a5fe8fe640cf216b53739342248d16716ceb5181ca5e1683c133
SHA3-384 hash: 6d3bdd7ad4245e0f916d599498ef3e2b272b7acb81b91d0f2d515f509198fcf582dd0c513642a5c93460aa2268d19fdb
SHA1 hash: be5c6d339269e887ed5ffa2ba732590bd2de8f9e
MD5 hash: 56f75b36781801b4bbb253588adf8cf4
humanhash: east-mirror-neptune-cat
File name:56f75b36781801b4bbb253588adf8cf4.dll
Download: download sample
File size:313'911 bytes
First seen:2022-03-08 18:57:45 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 6144:Q2J2cK4kVljhwrjPcrHdK1j3ap/WBzMyGOpiGnEPCqnh4:H2cK4kV9W/k7MNKABzMyLi8E6+2
Threatray 12'977 similar samples on MalwareBazaar
TLSH T1A264C0E3D20F6397D81931B3B4A76836A7834F3845D47DA5E700BB4B732E8C8649C58A
Reporter abuse_ch
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
147
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/248471/
Detection(s):
Win.Malware.Generic-9930544-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6227a7460cd58dbd9268cd6c/reports/87b54c6a-e29c-4b24-bfe0-4715065680af/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Dridex
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4844ad2c-e261-4e4e-a241-877d5cefd3d2
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/952902
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 585381 Sample: G5NTmJfTan.dll Startdate: 08/03/2022 Architecture: WINDOWS Score: 52 34 Multi AV Scanner detection for submitted file 2->34 36 Sigma detected: Suspicious Call by Ordinal 2->36 14 loaddll32.exe 1 2->14         started        process3 process4 16 cmd.exe 1 14->16         started        process5 18 rundll32.exe 16->18         started        process6 20 rundll32.exe 18->20         started        process7 22 rundll32.exe 20->22         started        process8 24 rundll32.exe 22->24         started        process9 26 rundll32.exe 24->26         started        process10 28 rundll32.exe 26->28         started        process11 30 rundll32.exe 28->30         started        process12 32 rundll32.exe 30->32         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38f718205cc8a5fe8fe640cf216b53739342248d16716ceb5181ca5e1683c133/
Threat name:
Win32.Infostealer.Dridex
Create hunting rule
Status:
Malicious
First seen:
2022-03-08 18:58:13 UTC
File Type:
PE (Dll)
AV detection:
14 of 27 (51.85%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2ed4c30203ad5091fac0cb694f5dca3af5a591e0de6a56a0dfb51f20ba82fbc9
4e41e0a0750125693aeadde94e11f23f9b29a81b26b41463117bd39d19374f84
752cc527d4c57db8e25158c476c2cc059c688d68b869428f1c5fce651e47a4b2
8061601b31fb8b82c7f0dcf77ffbcb74a093d8e64a951cfb9d38992a4cc41913
b3f2455dbdfadfdb76026bff37d4180f90b8dcfed7ce84043e2fcef4ae33b5e1
e5607a5a103d6bc04f97ffdeea63ba4629a6f99d55d89d2b2047e6d61c539357
ee14add8eb5342d6c672dbff573b0737ac4f718f06d2881f9d319e6c806db770
+ 12'967 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220308-xmhthsafh6/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
38f718205cc8a5fe8fe640cf216b53739342248d16716ceb5181ca5e1683c133
MD5 hash:
56f75b36781801b4bbb253588adf8cf4
SHA1 hash:
be5c6d339269e887ed5ffa2ba732590bd2de8f9e
Link:
https://www.unpac.me/results/d13572ff-3184-4427-88c9-19b686999ae9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/38f718205cc8a5fe8fe640cf216b53739342248d16716ceb5181ca5e1683c133

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 38f718205cc8a5fe8fe640cf216b53739342248d16716ceb5181ca5e1683c133

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1902414/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/248471/

Comments