MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43100547d1d170118905269dc5c5653566ae4fb68cdf566c52c61dad9711cfa9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43100547d1d170118905269dc5c5653566ae4fb68cdf566c52c61dad9711cfa9
SHA3-384 hash: d8acc1d5f8f5392883aa505a19cb074b895aee503ca5fdf0ca222379362cd1634d7967c6b0ec0289ae3a62601483b5e9
SHA1 hash: af209b61eb749eea1a2120c7648cc15df17f427f
MD5 hash: 46c52ddab4a5c2ddc01f7ffc9ebbd24b
humanhash: kentucky-island-hamper-shade
File name:tanked.dll
Download: download sample
File size:1'497'600 bytes
First seen:2021-05-27 06:02:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4c723d6b389aa537ce6b4dd647402524
ssdeep 24576:9j/X+eSUPYNN7BV4nHdm2P+ZOX1bbtj6p7WnjF/PC:h/XrPY7NUHdm2Wc9wpaE
TLSH 7865338F5F517198C98CDBF9D84C44BD1BF2537A96321F4635D80C04F1A6AB0EA0AAED
Reporter adm1n_usa32
Tags:dll tdss

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
tanked.dll
Verdict:
No threats detected
Analysis date:
2021-05-27 06:05:50 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/35c06bb2-ca73-4145-bd01-92703288dc40

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/162634/
Detection(s):
SecuriteInfo.com.Win32.Cryptor.3485.30537.13831.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/793034
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/43100547d1d170118905269dc5c5653566ae4fb68cdf566c52c61dad9711cfa9/
Threat name:
Win32.Rootkit.TDss
Create hunting rule
Status:
Malicious
First seen:
2011-06-04 06:28:00 UTC
AV detection:
34 of 40 (85.00%)
Threat level:
  4/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/210527-laft7nzn86/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Enumerates connected drives
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.34
Link:
https://yomi.yoroi.company/submissions/43100547d1d170118905269dc5c5653566ae4fb68cdf566c52c61dad9711cfa9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:IMPLANT_4_v5
Create hunting rule
Author:US CERT
Description:BlackEnergy / Voodoo Bear Implant by APT28
Reference:https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE
Rule name:Keylog_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Contains Keylog
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/162634/

Comments