MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6
SHA3-384 hash: 17443e77416a710fcf083334236661d6e896fca22bc4a7404e1c088787c5346022f7a9829c40611e96f941bcd91eb1a1
SHA1 hash: b49f31a7d8f68ca307f3d0abcf4d05313ee2b844
MD5 hash: 479dae0f72f4d57bd20e0bf8cb3ebdf7
humanhash: lion-paris-kitten-bluebird
File name:090921.dll
Download: download sample
File size:392'374 bytes
First seen:2021-09-13 17:06:13 UTC
Last seen:2021-09-13 21:09:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9b81137a1352701b5991fbab2173284c
ssdeep 3072:80QXXzUY3z5Volw9sShsB1NJt8TBg7R7A+aMk6/WbM6o2FrMKhmvSIinUqezz:80sVj/ol8YLL6+aMk6/GM6LGKZnUD
TLSH T14784AE7637C2B131F5CA24FDBB8916F1B85FD11C8C284726BA88BA9EF41A1E1C5241CD
Reporter ffforward
Tags:dll exe SQUIRRELWAFFLE tr

Intelligence

File Origin
# of uploads :
2
# of downloads :
152
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/187525/
Detection(s):
SecuriteInfo.com.ML.PE-A.32764.6704.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm overlay
Link:
https://www.filescan.io/uploads/617503c99a5a1e91c5d1fd34/reports/76a11be5-a7d7-479b-a4c1-d54d80c40d12/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c3ed4a9e-50ae-49d6-a57d-dcda7f4f8f00
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/850019
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6/
Verdict:
unknown
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/210913-vmy5dshcak/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Unpacked files
SH256 hash:
1d8efc7665bc83f1d7fe443ef4ce6c52eb4829769de0f7fb890b5b12bbcb92bd
MD5 hash:
1cfb3b43089741950a7bb53afc8a6c2f
SHA1 hash:
4b4f2e7006287e9fd8177869c00a8cd2be560058
Link:
https://www.unpac.me/results/c6ba28e6-7b3f-41c1-a6dd-249cc8c1286d/
SH256 hash:
4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6
MD5 hash:
479dae0f72f4d57bd20e0bf8cb3ebdf7
SHA1 hash:
b49f31a7d8f68ca307f3d0abcf4d05313ee2b844
Link:
https://www.unpac.me/results/c6ba28e6-7b3f-41c1-a6dd-249cc8c1286d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 4f68558fb7a921b837926ca4e87fecba073f551a44c88109453a1a8099d003b6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1616739/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/187525/

Comments