MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a057b438a0e8668571bc5a452f6403c246ba2def57b158db04a57b156f6b640. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5a057b438a0e8668571bc5a452f6403c246ba2def57b158db04a57b156f6b640
SHA3-384 hash: 82a9a0e383a2f6b5da4352d6036cf6afeb0ce9ee8fa96f6ed86f87c43d2582ee3b2cd702067d1c859afbd85f172111e7
SHA1 hash: 146dd6889a466eb940d78d0f92d55efdee982268
MD5 hash: 3c5d0b2df0f95c837c166670ecd50ad4
humanhash: august-william-charlie-florida
File name:slwsec.dll
Download: download sample
File size:527'872 bytes
First seen:2021-12-03 15:56:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 60b635fb977022326636308a265fa598
ssdeep 12288:+LkpGffi1/6oMA89EB54w7ETSxdoMnsFheHa6LZ:UniU0z4w7E2xdhns2Hp
Threatray 42 similar samples on MalwareBazaar
TLSH T1A5B4AE1AFA6844B5E426D13889739646D2727C5A077097DF6368132E2F33FD05E3EB21
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
201
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
slwsec.dll
Verdict:
No threats detected
Analysis date:
2021-12-03 16:42:05 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/4f18488b-6f62-4a43-9d97-98a0f1f0fda7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/211083/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/675/overview
Behaviour
MeasuringTime
SystemUptime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61aa3e6047ed217c01300752/reports/52a7b01f-76b5-4656-91ff-096c682f3f9c/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/9e36de88-2880-48a6-8aa1-8baf6919bb4a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/900980
Signature
Multi AV Scanner detection for submitted file
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 533495 Sample: slwsec.dll Startdate: 03/12/2021 Architecture: WINDOWS Score: 52 30 Multi AV Scanner detection for submitted file 2->30 8 loaddll64.exe 1 2->8         started        process3 signatures4 32 Tries to detect virtualization through RDTSC time measurements 8->32 11 rundll32.exe 8->11         started        14 rundll32.exe 8->14         started        16 cmd.exe 1 8->16         started        18 rundll32.exe 8->18         started        process5 signatures6 34 Tries to detect virtualization through RDTSC time measurements 11->34 20 cmd.exe 1 14->20         started        22 rundll32.exe 16->22         started        process7 process8 24 rundll32.exe 20->24         started        26 conhost.exe 20->26         started        28 choice.exe 1 20->28         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5a057b438a0e8668571bc5a452f6403c246ba2def57b158db04a57b156f6b640/
Threat name:
Win64.Spyware.Bazarloader
Create hunting rule
Status:
Malicious
First seen:
2021-12-03 15:57:18 UTC
File Type:
PE+ (Dll)
Extracted files:
4
AV detection:
16 of 28 (57.14%)
Threat level:
  2/5
Verdict:
unknown
Similar samples:
086c37d38778e01644fd879d4c19b7387f6526d3d5ca408af8166207b3729f0e
58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28
69c6638c277af7f94f34c6f1ea1cee9d7cf5ee7a1e8ef0d2df527f8d6a529f5f
6a852c0f5d6e5f124298d47ec6800100bfd886b6196a722bced61f267b497a7d
7883df070b501cf6d4f167ac030820d2fa5d90bd6f48b7feacbe17e612e0475b
83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84
976ef5ced7cc6b4d30a7eed5d427dcbc70b4c14403dd53fc1caa7c5b9ac9200f
b163e34d8490c0b567d788e997d9693c9da120a21dff06de9d400c6e66386437
bec7fb70521beab8f861f0d0c5c2996c48bd26626546b12d8c08265dcbc546d7
f0718e4578b67fc0c73b03762a91abd62a071758074ac8f108a00c4cf612474f
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/211203-tdya3aghhr/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
5a057b438a0e8668571bc5a452f6403c246ba2def57b158db04a57b156f6b640
MD5 hash:
3c5d0b2df0f95c837c166670ecd50ad4
SHA1 hash:
146dd6889a466eb940d78d0f92d55efdee982268
Link:
https://www.unpac.me/results/4b1d6fd5-ccdc-48f4-9996-fe93474c30f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5a057b438a0e8668571bc5a452f6403c246ba2def57b158db04a57b156f6b640

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/211083/

Comments