MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61d754df542fe7b193f6ec8ebb5aec8b65d1d4cb51f504e2a572782ea5b9a29e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: BazarCall
Vendor detections: 5


SHA256 hash: 61d754df542fe7b193f6ec8ebb5aec8b65d1d4cb51f504e2a572782ea5b9a29e
SHA3-384 hash: de3292a492c6276a7c94391c71c9e178c96a58445c51511767bfd94322a089c69f78328cbb8ed0ac40690d45b4a52b77
SHA1 hash: 9e040a66ca4010798dbee238e16560549aa5a860
MD5 hash: d3e6640ebe73f0e428deba4768db48bf
humanhash: bacon-maine-utah-october
File name: SecuriteInfo.com.Trojan-Dropper.Win32.Dinwod.gen.25026.5145
Signature: BazarCall
File size: 209'408 bytes
First seen: 2021-03-25 08:49:59 UTC
Last seen: 2021-04-01 03:27:24 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 3145559a722d2ee9b4642f4f5467a102 (1 x BazarCall)
ssdeep: 3072:jK2jkIXHA6Lo5xCv7m4yVRkt28iGm9neQd2ynsU9iflCna1WTBft4BnyMbGcq9Zh:jHbaBIt2JGmNetIi9Ca1WTBcacqFCU
TLSH: 18248D00B180E136E5BF193689FADA7E062CBA110F54EDDB63CC4E7A4F615D1BA3185B
Reporter: SecuriteInfoCom
Tags: BazarCall

Intelligence


File Origin
# of uploads: 2
# of downloads: 121
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Sending a UDP request
  DNS request
  Sending an HTTP POST request

Result
Verdict: UNKNOWN
Details:
  Windows PE Executable
  Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature:
  Multi AV Scanner detection for submitted file
Behaviour:
  Behavior Graph (image not reproduced; details recovered from the graph): Behavior Graph ID: 375710; Sample: SecuriteInfo.com.Trojan-Dro...; Startdate: 25/03/2021; Architecture: WINDOWS; Score: 48; Signature: Multi AV Scanner detection for submitted file. Process tree: loaddll32.exe started cmd.exe and rundll32.exe; cmd.exe started a further rundll32.exe.

Threat name: Win32.Dropper.Dinwod
Status: Malicious
First seen: 2021-03-25 07:55:50 UTC
AV detection: 9 of 48 (18.75%)
Threat level: 3/5
Verdict: suspicious

Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour:
  Suspicious use of WriteProcessMemory
  Blocklisted process makes network request
  Modifies WinLogon for persistence
Unpacked files
SHA256 hash: 6249626413207f0d72ef95358ee2b4e7f5969904e126b762a98e04d99228de9a
MD5 hash: ade59473bde7f431d78482d2370f067a
SHA1 hash: 6b44fd91c9421ee3111bfddb2177b4f6630ee51e

SHA256 hash: 61d754df542fe7b193f6ec8ebb5aec8b65d1d4cb51f504e2a572782ea5b9a29e
MD5 hash: d3e6640ebe73f0e428deba4768db48bf
SHA1 hash: 9e040a66ca4010798dbee238e16560549aa5a860

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: BazarCall
File type: DLL dll
SHA256 hash: 61d754df542fe7b193f6ec8ebb5aec8b65d1d4cb51f504e2a572782ea5b9a29e (this sample)

Delivery method: Distributed via web download

Comments