MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85b6c167b50c8d9807c80990ce88cc3bf7e4b449b7d86b347090b33d1bc0030b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Lazarus
Vendor detections: 3



SHA256 hash: 85b6c167b50c8d9807c80990ce88cc3bf7e4b449b7d86b347090b33d1bc0030b
SHA3-384 hash: d9ac5c922cd15ee8f713fb15c1801915ab99fb5fb9fc4cba4e95347064df745e91d800be70bef136bdb166054db1780c
SHA1 hash: c91b62c6566c3c9d080c065f29f053e6393c3992
MD5 hash: 0001d1b4cf8621a869ae31bba55371fc
humanhash: echo-uniform-thirteen-rugby
File name: Base64Decoded.bin
Signature: Lazarus
File size: 293'376 bytes
First seen: 2020-06-23 11:49:49 UTC
Last seen: 2020-06-23 12:45:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 5242ba3caf554e366df512a3619321a2 (1 x Lazarus)
ssdeep: 6144:At6Usqqvc9YwBL9F+gHhkTwFmaiy8iVSIdGLm3p+oOUn:U6Usqp9bSgZCTpIdGLGph
Threatray: 70 similar samples on MalwareBazaar
TLSH: B9546B69B2A408B5D867D17DCA934646D3F278451731CBEF53E0026A2F337E1AE3A712
Reporter: JAMESWT_WT
Tags: dll, Lazarus

Intelligence

File Origin
# of uploads: 2
# of downloads: 138
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win64.Trojan.Casdet
Status: Malicious
First seen: 2020-06-23 11:51:05 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 21 of 29 (72.41%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: persistence

Behaviour
- Gathers system information
- Suspicious use of WriteProcessMemory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious behavior: EnumeratesProcesses
- Drops file in Windows directory
- Modifies service
- Deletes itself

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.