MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49e86b574240ef199ca645ea210561b237992a261da9abc88383753396a3faf3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 49e86b574240ef199ca645ea210561b237992a261da9abc88383753396a3faf3
SHA3-384 hash: d2c7f06419af944fb9f5a75091d0575548a8f0b699f2683ef9acbdf6af4ce84a48088c27b5e865df3c2d046c094bb5ba
SHA1 hash: 785f02c487b4772a089886125c77ed54d832d5e9
MD5 hash: fced3a968d708ebe6636f17262bfbed6
humanhash: jersey-illinois-lake-lion
File name:ccccccccccc.dll
Download: download sample
File size:277'040 bytes
First seen:2021-02-18 15:36:15 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 517c65c855775b4307dd192f74287cb7
ssdeep 6144:tOIcsgKaMCw0YKRU9LILe0pWh2oBtVybuuP+LrgXHp+US:tOIXgXPNRUlI60pvMtVyCm+igU
Threatray 4 similar samples on MalwareBazaar
TLSH 3644231F9C681682E93AB57CAE13916E5942FC3921E3DB6C6C83281DCCC3C9D18DE5D6
Reporter JAMESWT_WT
Tags:amtcheatvip

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117814/
Detection(s):
SecuriteInfo.com.BehavesLike.Win32.Generic.dc.24887.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a window
Searching for analyzing tools
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/611757
Signature
Antivirus / Scanner detection for submitted sample
Hides threads from debuggers
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has nameless sections
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/49e86b574240ef199ca645ea210561b237992a261da9abc88383753396a3faf3/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-18 15:35:39 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
16 of 29 (55.17%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
146de084ff60046edb599a6f8ae1503aa2a7f39c550807e9af069c2e8c9ea34c
303c056f4b7b321431d706e01822da96149f3c5490cd7a2573eb5e6ec2f7e304
5fa108e621b0921235740af34e55a4515c4b78bc5463fcf47c92dfecec334e00
e9c665ae63c57f3e16936a31f9b1ad164705574ad95575f8b0cbcafc6a185799
Result
Malware family:
n/a
Score:
  8/10
Tags:
bootkit persistence
Link:
https://tria.ge/reports/210218-h8vlgk4cba/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of NtSetInformationThreadHideFromDebugger
Writes to the Master Boot Record (MBR)
Blocklisted process makes network request
Unpacked files
SH256 hash:
49e86b574240ef199ca645ea210561b237992a261da9abc88383753396a3faf3
MD5 hash:
fced3a968d708ebe6636f17262bfbed6
SHA1 hash:
785f02c487b4772a089886125c77ed54d832d5e9
Link:
https://www.unpac.me/results/77ff2436-5765-4db8-bb96-eaa8aea3099f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/49e86b574240ef199ca645ea210561b237992a261da9abc88383753396a3faf3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/117814/

Comments