MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b0334f87cdd0689007412142c2d22e362f252df22eb5ea5b4898710b59e1bb0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TA505


Vendor detections: 4



SHA256 hash: 5b0334f87cdd0689007412142c2d22e362f252df22eb5ea5b4898710b59e1bb0
SHA3-384 hash: e739a5a2da95bc4b93596c07613ce693af0ba88e4644a7737f2a9bd3b5d07083f666b219c378b35460c9793646c61926
SHA1 hash: 05d94546a5844ec26c25ded9b72186a90743d74e
MD5 hash: dc0c9afb7b7359fa320bedac6d0ea07e
humanhash: robert-potato-dakota-colorado
File name: libConfig1.bin
Signature: TA505
File size: 328'192 bytes
First seen: 2020-07-02 12:16:32 UTC
Last seen: 2020-07-02 12:52:39 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 50b4f168c36368e7db8e40cc14302a8d (1 x TA505)
ssdeep: 6144:u0GHgZ8p007xn/myfv1aFffTKcJcZyU5wnP2Rxf:MgZ4F/5FaFXW+dPo
Threatray: 54 similar samples on MalwareBazaar
TLSH: 9A64F100E650C875C5AD093916D36F4E25AE3FF0271564E31B250AE4FD3A9DEFA2B31A
Reporter: JAMESWT_WT
Tags: 32b dll TA505

Intelligence


File Origin
# of uploads: 2
# of downloads: 850
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.GraceWire
Status: Malicious
First seen: 2020-07-02 12:18:08 UTC
File Type: PE (Dll)
AV detection: 21 of 29 (72.41%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
