MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 508d78074875474e25946867b4ad45d4571018cd8026b73730e3cdc632c6c986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TA505


Vendor detections: 4



SHA256 hash: 508d78074875474e25946867b4ad45d4571018cd8026b73730e3cdc632c6c986
SHA3-384 hash: 4c3ba372c1a1d0d93fd8704ea9d100736ce71e3a98252b34c560898a22a3884ce2d4ff1ae523babf8951e5c4e305c14c
SHA1 hash: b38329aa3d66642348c8085484923ee5751bead9
MD5 hash: 6134668639d9e3d250b1c4cdc0b2a01d
humanhash: music-early-purple-india
File name: libIntel1.bin
Signature: TA505
File size: 326'144 bytes
First seen: 2020-06-26 13:39:52 UTC
Last seen: 2020-06-26 14:56:01 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: f31b070560007272447e5171725d7931 (1 x TA505)
ssdeep: 6144:1E2/Mr1/fa4xDIaHUcS8ivXge9ZG0CRW3tdI83vwamf/eHpTVgj:fMrxv0mu79ZG/ITIamR
Threatray: 52 similar samples on MalwareBazaar
TLSH: EC64F12D5AD28A79F8E4007C24E72751A4E08DE83F5160C37B866CA59E382D9787F737
Reporter: JAMESWT_WT
Tags: 32bit dll TA505

Intelligence


File Origin
# of uploads: 2
# of downloads: 920
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Threat name: Win32.Trojan.GraceWire
Status: Malicious
First seen: 2020-06-26 13:41:04 UTC
File Type: PE (Dll)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: evasion spyware trojan
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
