MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4a48467546d08abe1332b9b4684e07156b25681bf808744ab6500a4ff0d28c7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TA505


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4a48467546d08abe1332b9b4684e07156b25681bf808744ab6500a4ff0d28c7b
SHA3-384 hash: 9c0f2a10e1fc393429029b423c3129cd6fc57e3fcdab8404c295f8e36fa2f9f336cbd31e4d26d93a72b1a247f9deeeee
SHA1 hash: 44df19e96aa3abb3608a0a03ee5a685722956a9b
MD5 hash: 653d9da87cae15a787ddddf10735417e
humanhash: moon-blue-whiskey-lamp
File name:libIntel1.bin
Download: download sample
Signature TA505
Create hunting rule
File size:326'656 bytes
First seen:2020-06-25 13:51:04 UTC
Last seen:2020-06-25 14:52:34 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 51f2258e979f5fb6cc29d005190ba4da (1 x TA505)
ssdeep 6144:d8pc086DAaV2J/+ZQSWiO6Tr3ITsA4EliOJZdtYiEE+gzuHSi4sUdk7llUZSzYsT:/08s8JPYa4ElF7GilO0IUyYsX8Y
Threatray 50 similar samples on MalwareBazaar
TLSH 3D64F161AA529479C5DC003063BB5FBE75787EB43B40A9CB835C05E2EC252AAFD27713
Reporter JAMESWT_WT
Tags:32b dll TA505

Intelligence

File Origin
# of uploads :
2
# of downloads :
909
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/14384/
Detection(s):
SecuriteInfo.com.Artemis653D9DA87CAE.22443.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4a48467546d08abe1332b9b4684e07156b25681bf808744ab6500a4ff0d28c7b/
Threat name:
Win32.Trojan.GraceWire
Create hunting rule
Status:
Malicious
First seen:
2020-06-25 13:11:29 UTC
File Type:
PE (Dll)
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=jjeem5kg2cfl4ezsxg2gqtqhcvvsk2a37aehisvwkafe74gsrr5q._file
Verdict:
malicious
Label(s):
trickbot
Create hunting rule
Similar samples:
0d4f2d354fd2aca85b2719d749eb88c1f444309ae27f3824f0faac8bdbfa4249
TA505
508d78074875474e25946867b4ad45d4571018cd8026b73730e3cdc632c6c986
TA505
5b0334f87cdd0689007412142c2d22e362f252df22eb5ea5b4898710b59e1bb0
TA505
674cac26b5ee006a476669c6857e24a8187ef94945d521c8bbe9069ec74494ba
TA505
9ad7ce27ce7da3c4b2639771869b20b78fff34f32dab3355c2be2980e708ab07
TA505
9dd13e02121ff016438f0540d169df51ac44527eabc4116143d6e0b569dc1f99
TA505
acd7214a4c37bbfd55ea244080769e4c0daf59edb47b3abcddcf5874cdb3054f
TA505
c8e25ee1363bbd595f4783537fc1028f427a8ed0d7a1940dab3bd67abfc53f85
TA505
ce0f73cf6d1f1ed4fd3e15c7fd70a6581215a93e6a45cdf2e64af68c4c1993af
TA505
e35b9feacfba1df802f9ed242775361f4317c22782f4e9e2dddd095577a72487
TA505
+ 40 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
evasion spyware trojan
Link:
https://tria.ge/reports/200625-r5yk86y4ve/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Modifies system certificate store
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/14384/

Comments