MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cd3ca8bdfb44e98a4b9d0c6ad77546e03d169bda9bdf3d1bcf339f68137af23. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Lazarus


Vendor detections: 5



SHA256 hash: 7cd3ca8bdfb44e98a4b9d0c6ad77546e03d169bda9bdf3d1bcf339f68137af23
SHA3-384 hash: 250aa157fdeab87c668027649c232ffc447931db472669614b246d9875701aadca2b5d046c9864e8104b0a2f6dabb745
SHA1 hash: 56b9de82c7ede1c231dc20ff0726bf416f13f312
MD5 hash: 9a8403e2eb0324050e53f2c500bc8308
humanhash: georgia-venus-december-robert
File name: torisma_unpacked
Signature: Lazarus
File size: 143'872 bytes
First seen: 2021-01-28 14:40:25 UTC
Last seen: 2021-01-28 17:08:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a668a2b3bcf89f74052cc3b811178c3d (1 x Lazarus)
ssdeep: 3072:lSCaLYBvRrV/faT81zidf48PIMZRj7e5jt7KBvxR:ALqvRJ/faTndf48PjZ5seBZ
Threatray: 3 similar samples on MalwareBazaar
TLSH: 48E30A4AB2E512F7C0BB923896966726BA72FC164735978F430067661F337E16D3B320
Reporter: 0xthreatintel
Tags: apt Lazarus Unit180 unpacked_Torisma


0xthreatintel
Spread with Word document

Intelligence


File Origin
# of uploads: 2
# of downloads: 183
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: torisma_unpacked
Verdict: No threats detected
Analysis date: 2021-01-28 14:42:45 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name: Nukesped
Detection: malicious
Classification: troj
Score: 60 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Nukesped
Behaviour
Behavior Graph:
Threat name: Win64.Trojan.NukeSped
Status: Malicious
First seen: 2021-01-28 01:52:47 UTC
AV detection: 10 of 29 (34.48%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Blocklisted process makes network request
Unpacked files
SHA256 hash: 7cd3ca8bdfb44e98a4b9d0c6ad77546e03d169bda9bdf3d1bcf339f68137af23
MD5 hash: 9a8403e2eb0324050e53f2c500bc8308
SHA1 hash: 56b9de82c7ede1c231dc20ff0726bf416f13f312
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
