MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f3129e7343d1dee0695d18f265f88610ec1c04132be5d1888993278daf8920e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SDBBot


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f3129e7343d1dee0695d18f265f88610ec1c04132be5d1888993278daf8920e
SHA3-384 hash: 3a8c045630c91695857ed1706fe654af0be1718af3a3512b099610cef8ca925b5724e1b589f8d1ca9b704b74d76cf464
SHA1 hash: 7806a9816cd1724379f7927c699f3042ad39fc52
MD5 hash: 8c8e952ec80e5080acc984c8ca16f054
humanhash: florida-high-may-uncle
File name:host.dll
Download: download sample
Signature SDBBot
Create hunting rule
File size:527'872 bytes
First seen:2020-08-12 18:53:31 UTC
Last seen:2020-08-12 20:01:27 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 674e3cf0e90a7dbd08b944f78def27ed (2 x SDBBot, 1 x TA505)
ssdeep 12288:VG/fmngkv9MS54A60mCi66j6ru7eaRmPQ2IZgitnLdH33rpvg:c/fmnnSac9Cx6sPXoiiFLdHr
Threatray 47 similar samples on MalwareBazaar
TLSH D3B4E16547838946C4F708F4E9CA1EB6B591C3C8836439F69A729C36BD772FC31712A4
Reporter James_inthe_box
Tags:dll SDBBot

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44479/
Detection(s):
SecuriteInfo.com.BScope.Trojan.Zpevdo.17008.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Sending a UDP request
Result
Threat name:
SDBbot Installer
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/423701
Signature
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Yara detected SDBbot Installer
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 264327 Sample: host.dll Startdate: 13/08/2020 Architecture: WINDOWS Score: 56 16 Yara detected SDBbot Installer 2->16 18 Machine Learning detection for dropped file 2->18 6 loaddll32.exe 1 2->6         started        process3 process4 8 rundll32.exe 3 4 6->8         started        11 rundll32.exe 6 7 6->11         started        file5 20 Creates an undocumented autostart registry key 8->20 14 C:\Windows\SysWOW64\mswinload0.dll, PE32 11->14 dropped signatures6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f3129e7343d1dee0695d18f265f88610ec1c04132be5d1888993278daf8920e/
Threat name:
Win32.Trojan.GraceWire
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 18:53:10 UTC
File Type:
PE (Dll)
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=j4ystzzuhuo64buv2ghsmx4imehmdqcbgk7f2geitezhrwxysiha._file
Verdict:
malicious
Similar samples:
23cfbb0bf1e110a79678f45c29897e6090b660d3df420bbb916fc3f1bc12eead
SDBBot
268953af63bad4895dd06c024fd1ec2af2c134623a0e100e26894e4d6bab741e
SDBBot
450b38b821f51f8f5726d5be617b4105563038b9e367cb312197a1a56a895a53
SDBBot
5fe990b47a89cb773beffa3a94bd2b48cd53fb7591af02d583d1783eeff7a442
SDBBot
6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6
SDBBot
75fa551eec71d6d8b9817266813715c2bbb7a537005587f9f1e0d058a05febc6
SDBBot
ac839669e7e0d6b42bf9517cc6f4db88c9eacc678df15c1c45be1771309cb020
SDBBot
bc56a888670e5f283189a902abbc9f57a808a66b2938fde1480509c2cb265841
SDBBot
c72abb73f39b466cd8b230c1fd9d6c1bf46573db11038eaa407d47976eb317eb
SDBBot
e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e
SDBBot
+ 37 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence
Link:
https://tria.ge/reports/200812-4mlzmww186/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Sets file execution options in registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.29
Link:
https://yomi.yoroi.company/submissions/4f3129e7343d1dee0695d18f265f88610ec1c04132be5d1888993278daf8920e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ReflectiveLoader
Create hunting rule
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/44479/

Comments