MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6997a90a56cca26f8cdcf124f99b5071c640e3ac91c822aa7adeab85b5b30942. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6997a90a56cca26f8cdcf124f99b5071c640e3ac91c822aa7adeab85b5b30942
SHA3-384 hash: c433050447cca8fdab29d75a9e16ea81b021e00b454201eca3a50ae6f843851cacb868dc309a018e3775150f8cb27a30
SHA1 hash: 272e22a7a60fe5dcace2de0947ab2a0445b6c68b
MD5 hash: 77be213cb9d7369bb06fa7832b709115
humanhash: artist-single-blue-sink
File name:10000000.str_join1.dll
Download: download sample
File size:288'768 bytes
First seen:2020-09-02 13:25:38 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 6528f2572e019cfeefd40ed2db0756f8
ssdeep 6144:3LKIfHgG2SM8WtoDmf6skfMoAONyxKVe7:3eIfQRgo6xbLVe7
Threatray 4 similar samples on MalwareBazaar
TLSH A8545B007482D132E4BF093689BD56AE467CBD1107A4D8EBE3D83D6E4F762D27A30967
Reporter James_inthe_box
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/457506
Signature
A
b
c
d
e
f
i
l
M
n
o
r
S
t
u
V
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 281140 Sample: 10000000.str_join1.dll Startdate: 02/09/2020 Architecture: WINDOWS Score: 48 29 Multi AV Scanner detection for submitted file 2->29 8 loaddll32.exe 1 2->8         started        process3 process4 10 rundll32.exe 8->10         started        12 rundll32.exe 8->12         started        process5 14 MpCmdRun.exe 1 10->14         started        16 WerFault.exe 3 9 10->16         started        18 WerFault.exe 3 9 10->18         started        20 WerFault.exe 2 9 12->20         started        23 WerFault.exe 17 9 12->23         started        dnsIp6 25 conhost.exe 14->25         started        27 192.168.2.1 unknown unknown 20->27 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6997a90a56cca26f8cdcf124f99b5071c640e3ac91c822aa7adeab85b5b30942/
Threat name:
Win32.Downloader.Gangola
Create hunting rule
Status:
Malicious
First seen:
2020-09-02 13:25:29 UTC
File Type:
PE (Dll)
Extracted files:
5
AV detection:
23 of 29 (79.31%)
Threat level:
  3/5
Verdict:
unknown
Similar samples:
58fb11e7f6601b43803edff4369c27d9e26323f913ab76889df528c34f2dc525
6bc610ff56266525c3e96ab6f87756235f23295ec421bef974d9e163451d938d
b33b3beb75ffe4fda66b9b38e3121f1abb4b7896f99ba4f35b511c7ed63c305c
ed866e6e8e20532ff0d703f9b1cabc5a06027b8cabb02284de396a4689260a33
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/200902-2yshy89tr6/
Behaviour
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in Windows directory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6997a90a56cca26f8cdcf124f99b5071c640e3ac91c822aa7adeab85b5b30942

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/54349/

Comments