MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e0e7def3be7f9bc7793bf155935d16a9db631dd99b71ab51295338315129cce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e0e7def3be7f9bc7793bf155935d16a9db631dd99b71ab51295338315129cce
SHA3-384 hash: fbeaf1d343b890a4c71ecfbbf2d23dc0aa9621425df3b7af1ead36d6a4199c873cb9c1d65c98dfa670a7ba5e8e967db0
SHA1 hash: 19f6846caf6cd8a5049cec4870c7933d77f04896
MD5 hash: 8ecdef33cde0cc3231a3f494deb15032
humanhash: lithium-network-fish-illinois
File name:HVNC.dll
Download: download sample
File size:94'720 bytes
First seen:2023-01-23 16:03:56 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash c049eb3e6a65623be6a61b342aa0bb15
ssdeep 1536:WJaYOFIols/CPpz6lotZrB75ctmlrYseImnPxqqDMzQBB3aDWIAMcE2B7chOd:WJajaOoC3ZF7StmaznP9MzQBB3aaIaPM
TLSH T196937D02F65041BEE5F6407554DFE77AC17EB61447291CE3BEAB2E8059027D2BB3238A
TrID 45.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.4% (.EXE) Win64 Executable (generic) (10523/12/4)
9.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter 1ZRR4H
Tags:dll download-cdn.com TA505

Intelligence

File Origin
# of uploads :
1
# of downloads :
208
Origin country :
CL CL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/355960/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
80%
Tags:
shell32.dll
Link:
https://www.filescan.io/uploads/63ceaff596add6d1cf48361a/reports/47507a8f-bcc1-4f11-bdc3-a43ca6f613cd/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/dd53b8df-3ed5-4aad-9bc4-2e70d6a37e26
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1157165
Signature
Found evasive API chain (may stop execution after checking computer name)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 789907 Sample: HVNC.dll Startdate: 23/01/2023 Architecture: WINDOWS Score: 60 23 Multi AV Scanner detection for submitted file 2->23 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 1 7->9         started        13 rundll32.exe 7->13         started        15 cmd.exe 1 7->15         started        17 conhost.exe 7->17         started        dnsIp5 21 64.190.113.123, 443, 49701, 49704 TRAVELCLICKCORP1US United States 9->21 25 Found evasive API chain (may stop execution after checking computer name) 9->25 27 System process connects to network (likely due to code injection or exploit) 13->27 19 rundll32.exe 15->19         started        signatures6 process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e0e7def3be7f9bc7793bf155935d16a9db631dd99b71ab51295338315129cce/
Threat name:
Win32.Trojan.Casdet
Create hunting rule
Status:
Malicious
First seen:
2023-01-23 16:21:24 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pyhh33z34743y54tx4kvsnornko3mmo5tg3rvnissuzygfisttha._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/230123-thx6vseb33/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Reads user/profile data of web browsers
Blocklisted process makes network request
Unpacked files
SH256 hash:
7e0e7def3be7f9bc7793bf155935d16a9db631dd99b71ab51295338315129cce
MD5 hash:
8ecdef33cde0cc3231a3f494deb15032
SHA1 hash:
19f6846caf6cd8a5049cec4870c7933d77f04896
Link:
https://www.unpac.me/results/0a8b6131-95ed-404b-9da9-34b7ec8a55bc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.96
Link:
https://yomi.yoroi.company/submissions/7e0e7def3be7f9bc7793bf155935d16a9db631dd99b71ab51295338315129cce

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/355960/

Comments