MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 875ac24276dbe23f119bf8c7ffac6e0063062718f1c6b83c9cfc75a929f5cef2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 875ac24276dbe23f119bf8c7ffac6e0063062718f1c6b83c9cfc75a929f5cef2
SHA3-384 hash: 2c237c08e2153fbf1733549fc771bf15c624d56480af592bf86f20a8e8b9492e99457b3b0ba04a3d222f89cde99f03ed
SHA1 hash: 6d7e3a497d68aed1186db370b23ab77ce89d066a
MD5 hash: fcbb6897207c420580b5a9e78333a1c7
humanhash: crazy-mexico-utah-helium
File name:1650000.dll
Download: download sample
File size:638'464 bytes
First seen:2020-08-12 20:47:02 UTC
Last seen:2020-08-12 21:42:59 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4de8f17eba78fc7cd912cd172dc84246
ssdeep 12288:amWZBLqZfDSFmAGrrCrQBNs2KBSSHLgDsVzaJWL:MBLMDjAur+QBlKBrA0O
Threatray 10 similar samples on MalwareBazaar
TLSH 46D46A5AB6E404F9D967C139CA57862AE3B2B4051761D7CF03A097AB5F237E14B3E320
Reporter James_inthe_box
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/44541/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/424008
Signature
Contains functionality to hide user accounts
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 264534 Sample: 1650000.dll Startdate: 13/08/2020 Architecture: WINDOWS Score: 48 20 Contains functionality to hide user accounts 2->20 22 Machine Learning detection for sample 2->22 7 loaddll64.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        process5 15 WerFault.exe 21 9 9->15         started        file6 18 C:\ProgramData\Microsoft\...\Report.wer, Little-endian 15->18 dropped
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/875ac24276dbe23f119bf8c7ffac6e0063062718f1c6b83c9cfc75a929f5cef2/
Threat name:
Win64.Hacktool.Generic
Create hunting rule
Status:
Malicious
First seen:
2020-08-12 20:46:41 UTC
File Type:
PE+ (Dll)
Extracted files:
3
AV detection:
20 of 29 (68.97%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
1d67abe1ec08e6215e08d6bb595ade3d1d33d0e886edf887b29f4d8e1d46e593
2339489be44f93b61688ee3b65d0bd2fede5f6dd494588a6268602d2f006bd16
40a2ace8bb6e3d7d50bb346344789c2fafd25490fdaa982134aaacce6f971995
602c753ee7337a5398df34b82238dd243d6afc9aa0f2d6e75f9d5a98cb609aa9
690be9e806f882774ab1347302bd92236a16499f160f37e59992c220466493c0
8a99a4c58ef5e27d112f0efb4719abe01bcddb5e516114711ee4991f7922ab5f
bd5ebf9632ad17e9a39393ab94ef055307ec053486fe703e2a614de391bc4a65
e50d52fbac295a37f0ed0b724d4ddafca8c86bcd2391b4c481d51d5e279afd20
ef0e8df5c700e64d5d2e8dde4c9b5c117abfc919c676ff383019c585e8e367b0
fefb3c7053a1332b03a4c0523862e8e387a5065b263cf10cb0d7f33f02afc646
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200812-3re2f94l2s/
Behaviour
Blacklisted process makes network request
Blacklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Trojan
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/875ac24276dbe23f119bf8c7ffac6e0063062718f1c6b83c9cfc75a929f5cef2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ReflectiveLoader
Create hunting rule
Description:Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/44541/

Comments