MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84
SHA3-384 hash: f664a9adea18a6fb08b02ebfdbc5fe3e66ee89d36a92482cfd2b59dd736e57db0920d0f5d7a8047c14ce9fe20f60830c
SHA1 hash: 191809a81618f0e5e98a56b3d858146bb484aa20
MD5 hash: 95d358908be78c7c95f7057c87989f42
humanhash: solar-lactose-washington-green
File name:slwsec.dll
Download: download sample
File size:526'336 bytes
First seen:2021-12-03 15:56:53 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 278b13de7ef03176f4096bc4728e7ac3
ssdeep 12288:DkioOQhCI6M+A609YBSi85BV6zQyhoctxn+eXPU/xf:+hpHXMSi85BV60yhNtAV/t
Threatray 40 similar samples on MalwareBazaar
TLSH T140B49D19FB6814B5E0669138CD738946D6727C5A07B1C6DF23A8572E2F33FE04A3A721
Reporter Anonymous
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
228
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
slwsec.dll
Verdict:
No threats detected
Analysis date:
2021-12-03 16:46:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/e55e1197-cdf8-4cf4-8e69-a449b4218eb6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/211081/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Link:
https://www.filescan.io/uploads/61aa3e5e4d8e6f3a5e0d8030/reports/46809f8b-188c-46c3-a17e-1ae00c840bb4/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/587df41d-bd20-4d80-980f-de2bd73eaa52
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/901047
Signature
Tries to detect virtualization through RDTSC time measurements
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 process2 2 Behavior Graph ID: 533526 Sample: slwsec.dll Startdate: 03/12/2021 Architecture: WINDOWS Score: 52 7 loaddll64.exe 1 2->7         started        signatures3 35 Tries to detect virtualization through RDTSC time measurements 7->35 10 rundll32.exe 7->10         started        13 cmd.exe 1 7->13         started        15 rundll32.exe 7->15         started        17 rundll32.exe 7->17         started        process4 signatures5 37 Tries to detect virtualization through RDTSC time measurements 10->37 19 cmd.exe 1 10->19         started        39 Uses ping.exe to sleep 13->39 41 Uses ping.exe to check the status of other devices and networks 13->41 22 rundll32.exe 13->22         started        process6 signatures7 33 Uses ping.exe to sleep 19->33 24 PING.EXE 1 19->24         started        27 rundll32.exe 19->27         started        29 conhost.exe 19->29         started        process8 dnsIp9 31 127.0.0.1 unknown unknown 24->31
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84/
Threat name:
Win64.Trojan.Bazaloader
Create hunting rule
Status:
Malicious
First seen:
2021-12-03 15:57:18 UTC
File Type:
PE+ (Dll)
Extracted files:
4
AV detection:
16 of 28 (57.14%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
22e899eddfcdd250f184f10d71b117c2b6a1625847ba5c46c39ee6245afc1ef2
58bef95d2f1dc3d23b16d982a452e982d4812eee455bc90b2c8694e5e58eec28
69c6638c277af7f94f34c6f1ea1cee9d7cf5ee7a1e8ef0d2df527f8d6a529f5f
6a852c0f5d6e5f124298d47ec6800100bfd886b6196a722bced61f267b497a7d
7883df070b501cf6d4f167ac030820d2fa5d90bd6f48b7feacbe17e612e0475b
880e2c5548284e08c44028f419a98350fa58e9f758a57f4ddb7b5d6e48fc7eb9
976ef5ced7cc6b4d30a7eed5d427dcbc70b4c14403dd53fc1caa7c5b9ac9200f
b163e34d8490c0b567d788e997d9693c9da120a21dff06de9d400c6e66386437
bec7fb70521beab8f861f0d0c5c2996c48bd26626546b12d8c08265dcbc546d7
f0718e4578b67fc0c73b03762a91abd62a071758074ac8f108a00c4cf612474f
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/211203-tdya3aghhp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84
MD5 hash:
95d358908be78c7c95f7057c87989f42
SHA1 hash:
191809a81618f0e5e98a56b3d858146bb484aa20
Link:
https://www.unpac.me/results/2f5cd9d5-930d-4a29-92cb-7c582945aadc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/83eebca023e0700c5d40cc90fd9fedba3523b8f4e4012a6427e2d8c644a6eb84

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/211081/

Comments