MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 57120da92792471020573332d1ff30fadf4496f77e2652229c6dca7fc8685ae3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 57120da92792471020573332d1ff30fadf4496f77e2652229c6dca7fc8685ae3
SHA3-384 hash: b8d6d2a982d772bba6fa49dedbd42aa9c4cfc6391affec604d02a26b473910626d44de3612fe9faa33fc38f4c4b64267
SHA1 hash: 8507242a7b307c912a9a2b1595e992da05f41ea7
MD5 hash: e3659cd4b544ee02ba6f3cc307e601f2
humanhash: alaska-montana-spring-high
File name:W0rd.dll
Download: download sample
File size:192'512 bytes
First seen:2020-11-25 15:30:42 UTC
Last seen:2020-11-25 17:50:55 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash d4bf80be98a2f6b0bb651ab156bf06f4
ssdeep 3072:YcIsRMkqZKpm5hK1Y0kFSzCtWVfHEeDaRWYKOfVielzH+D9:YM1T1YNF+CtufH5+c8fVdF2
Threatray 25 similar samples on MalwareBazaar
TLSH 6914BF023BD4C072DA6B0239007B9B65237A7E915BF8C9D77BE41D9E5E632D02A36347
Reporter JAMESWT_WT
Tags:dll Hancitor

Intelligence

File Origin
# of uploads :
3
# of downloads :
434
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105652/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/547102
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/57120da92792471020573332d1ff30fadf4496f77e2652229c6dca7fc8685ae3/
Threat name:
Win32.Trojan.Maluco
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 15:26:44 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
33d4b93f27fa6d5f68443a35b0640269b3f6a1cfd8e0015361e462bc369b0133
3517067834c67dfe59fc941b96ef30a24c946cf9d03e0ba3ef641a5031674b54
54a1ff16fd63ead406eec7b18303d4998ff43c078dc8c4257d6ba593a3e3b24d
56e6ed39784fcc4c9b1898a672c06c83b7a3b8ffbbdf90223e52e4865fa183bc
611a159dab9ea0c0c470015c31490e77c3b3be94447fa1b227ac148228cf17e3
65c58463eaf930808c036d35954159c0631961dfcc3abaac19b5ca9d6aabf2b3
827866089f958b9df535168bc3efed843ee0d769cbe015758d90f9199f7b0d25
8e58233566c9227207f1045843d90703dda7c509a2d4b39212916a84930a2e63
90d088ada7c60c82a5881cc3dd095d8ede8b2086b4ed89fdb38872105e3c5bb4
9a25a087142a27b94b10f71bbd87bccaae81535b28563c0ceb3a2ac17814373e
+ 15 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201125-1624gsvl4x/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
57120da92792471020573332d1ff30fadf4496f77e2652229c6dca7fc8685ae3
MD5 hash:
e3659cd4b544ee02ba6f3cc307e601f2
SHA1 hash:
8507242a7b307c912a9a2b1595e992da05f41ea7
Link:
https://www.unpac.me/results/1cbc57bf-3d57-4b51-8117-050ea17280cc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
XPACK
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/57120da92792471020573332d1ff30fadf4496f77e2652229c6dca7fc8685ae3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/105652/

Comments