MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c05707de780f92a6d29dd9610e5f23cdc3a4f9fba9ef5902fac72abc56bd26c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6



SHA256 hash: 5c05707de780f92a6d29dd9610e5f23cdc3a4f9fba9ef5902fac72abc56bd26c
SHA3-384 hash: fdf0fe5b28305a9009897c50db405dd03849c85613a97e4954b95dbafc22636ad3db92a447f2bdd0e922cd20102becf1
SHA1 hash: 058e9ab8154d8859d3e146e65c59e40e98cfc2ac
MD5 hash: ddfb8027a48011b1fece0866154fa852
humanhash: timing-don-lemon-florida
File name: DPGCCCdDNL.dll
File size: 374'016 bytes
First seen: 2020-08-11 08:48:35 UTC
Last seen: 2020-08-11 10:04:04 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 4bd626b885b566d71bc77a44daf9c6de
ssdeep: 6144:ggMQI/g0ciacZ0+UbfYHjse4WOhUA+ug/hbSfn6kUid90ivO0JYLniVdjJmd06Fb:g3QI/DZ0D0H48JApg5bK6I097iVdj4d3
Threatray: 317 similar samples on MalwareBazaar
TLSH: 4984DF5229C3DD2ADDDB36B0A28DC96A2C570734529C70037B610D1FB6B9893C52BF93
Reporter: Jirehlov
Tags: dll

Intelligence

File Origin
# of uploads: 2
# of downloads: 63
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Creating a file in the %temp% directory
Sending a UDP request
Delayed reading of the file
Creating a file
Deleting a recently created file
Moving of the original file
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph (ID 261334; sample DPGCCCdDNL.dll; start date 11/08/2020; architecture WINDOWS; score 56):
Process tree: loaddll32.exe started regsvr32.exe and cmd.exe; cmd.exe started iexplore.exe, which started a second iexplore.exe, which in turn started ssvagent.exe.
regsvr32.exe: network contact suqport.top (54.36.185.108, ports 443, 49746; OVHFR, France); dropped file C:\ProgramData\Local Tempary\d9d11x.exe (PE32); signature "System process connects to network (likely due to code injection or exploit)".
iexplore.exe: network contacts 192.168.2.1 (unknown), edge.gycpi.b.yahoodns.net (87.248.118.23, ports 443, 49789, 49790; YAHOO-DEBDE, United Kingdom), pagead.l.doubleclick.net (216.58.215.226, ports 443, 49768, 49769; GOOGLEUS, United States), and 19 other IPs or domains.
Start node signature: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules).
Threat name: Win32.Spyware.Gazvas
Status: Malicious
First seen: 2020-08-11 08:50:09 UTC
AV detection: 21 of 29 (72.41%)
Threat level: 2/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments