MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3
SHA3-384 hash: 34054e7f7f6fe60afd581c559a104d0caca8d43a3361cd12ef151c80a39dbd8bc2443cffb05f262eb9ee223b9ae7a187
SHA1 hash: 0cef726abfbc0dcfee3b628413f42feae6372826
MD5 hash: 213304b0ca321dd76baa042cdcd1608d
humanhash: floor-salami-mississippi-neptune
File name:SecuriteInfo.com.Trojan-Spy.Agent.24113
Download: download sample
File size:204'800 bytes
First seen:2020-10-01 17:41:22 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f56213a9042e555c2b3f71055d832975
ssdeep 3072:OU6ij4qpXqnnDibAJBVk39uY5A53DbefGs:OTqp4nwEFY5A53D
Threatray 15 similar samples on MalwareBazaar
TLSH B0145A0272D64674F4E716715BABD362CA32FC699563841B4385390F6CF26A8A7233F3
Reporter SecuriteInfoCom

Code Signing Certificate

Organisation:Symantec Time Stamping Services CA - G2
Issuer:Thawte Timestamping CA
Algorithm:sha1WithRSAEncryption
Valid from:Dec 21 00:00:00 2012 GMT
Valid to:Dec 30 23:59:59 2020 GMT
Serial number: 7E93EBFB7CC64E59EA4B9A77D406FC3B
Intelligence: 85 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 0625FEE1A80D7B897A9712249C2F55FF391D6661DBD8B87F9BE6F252D88CED95
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/67476/
Detection(s):
SecuriteInfo.com.Trojan-Spy.Agent.24113.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
29 / 100
Link:
https://www.joesandbox.com/analysis/479627
Signature
/
a
C
d
e
f
i
l
m
n
o
p
r
s
t
u
y
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 292253 Sample: SecuriteInfo.com.Trojan-Spy... Startdate: 01/10/2020 Architecture: WINDOWS Score: 29 6 loaddll32.exe 1 2->6         started        process3 8 rundll32.exe 6->8         started        11 rundll32.exe 6->11         started        13 rundll32.exe 6->13         started        15 15 other processes 6->15 signatures4 28 Contains functionality to detect sleep reduction / modifications 8->28 17 WerFault.exe 2 9 11->17         started        20 WerFault.exe 9 13->20         started        22 WerFault.exe 23 9 15->22         started        24 WerFault.exe 15->24         started        process5 dnsIp6 26 192.168.2.1 unknown unknown 17->26
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2020-10-01 17:43:05 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
7 of 29 (24.14%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
222e404e018c17e02a05cdf15699992894593b76b1372ec300981ddb38228cde
7417ed51775743c41da428a0bd486649ae808cfa45278ff566de373833023692
9f0d3b49b6eea3eff22dce2838b10e8e3b03c45f31212f8d26ae31cd576f1104
acd0ae8b296ee3fd7d01547b5220877770538fb76144b237f81377e3241726b3
af4811889f865fa54c6d10f69d4dc68bf745db7dc00882ecbf93355ac9f2881f
b171d7cebed4d9ba4e5a119286ad18d0a6460155dd2be2af522739f0549ca0c8
bbf1cebce86dde95f8a66414a1106ae2494b57c7b3d36d6df16b8ddef74e6346
c55d93f8c25e4ed3886cc125f129ded48bf781990a143cbe5996f38fd2ab7fc7
d663f2c1a5075b43cc2706d58ae98dbb4b1ab168d5c99b43d5cb0b80e18937cf
f7be1623b907e2cc0475ac788eed965320bffc3ab084f74e249de9c46ecc5615
+ 5 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201001-jh3gqx23a6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3
MD5 hash:
213304b0ca321dd76baa042cdcd1608d
SHA1 hash:
0cef726abfbc0dcfee3b628413f42feae6372826
Link:
https://www.unpac.me/results/06485665-fe2c-4f06-9ddc-4da04d3b8c0e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:function_through_object
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/67476/

Comments