MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 5a2e947aace9e081ecd2cfa7bc2e485528238555c7eeb6bcca560576d4750a50
SHA3-384 hash: 53dbfae72a95c5de6da7e71ad06189e79a62dfea8079d0699489d6241c8647cbf78d4a8450994fbe4bb86bc79ce3af07
SHA1 hash: 66e4c9becbc96c57232d38bfec01fb2b352181b2
MD5 hash: 528b762e232309e2dcad13a5d889a729
humanhash: sad-tango-wisconsin-berlin
File name: lazagne.exe
File size: 5'735'701 bytes
First seen: 2020-06-24 13:37:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a62ff465f3ead2e578f02d3a2d749b7b (1 x LaZagne)
ssdeep: 98304:pleMviSSF0Hmw+9XGbF4kW3yYXk+OR7BYrL9z8MbQsKl6Cs7IYqc30J:pleSiTUUGbZE1UnB+hz8MLKl6D9k
Threatray: 20 similar samples on MalwareBazaar
TLSH: 36463384B1A00CE7E972513BAD30C516F431BC17171982EB53E88A53BE777B65A7CBA0
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a file in the %temp% subdirectories
Creating a file
Deleting a recently created file

Result
Threat name: LaZagne
Detection: malicious
Classification: troj
Score: 68 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win64.Hacktool.Lazagne
Status: Malicious
First seen: 2019-02-20 23:17:13 UTC
File Type: PE+ (Exe)
Extracted files: 510
AV detection: 19 of 29 (65.52%)
Threat level: 1/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour:
Suspicious use of WriteProcessMemory
Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



Johannes Bader commented on 2021-05-17 16:19:49 UTC

This is a compiled version of the password recovery tool "LaZagne"

https://github.com/AlessandroZ/LaZagne