MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9111d458d5665b1bf463859792e950fe8d8186df9a6a3241360dc11f34d018c2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Lazarus

Vendor detections: 4

SHA256 hash: 9111d458d5665b1bf463859792e950fe8d8186df9a6a3241360dc11f34d018c2
SHA3-384 hash: 00d266cace5d28f18906506b1db4968d626c1c3f6c0f8bffabb9de235e9df33462ca238bde263b6e6a4cac015366bffb
SHA1 hash: 2efdf82808cd7f63ebc66f553ae94127c3d7c60b
MD5 hash: 3439de0b221320f58e3432c2672c4074
humanhash: zulu-friend-summer-tennessee
File name: Voov meeting (portable).zip
Signature: Lazarus
File size: 8'621'598 bytes
First seen: 2024-11-14 07:13:07 UTC
Last seen: Never
File type: gz
MIME type: application/gzip
ssdeep: 196608:Gk7bjnf28aeWui4LlxeaAgztf0gS+vUDHzZ0+GGwgHrrCOB4AvGR:Gk7bT28aeXfejgZ7SKKHzG+GGZHBP0
TLSH: T1EE963338B01C5EA3F42A201FDB772E515BE786930D548A93BC05DDEDADBE659A004E0F
Magika: gzip
Reporter: JAMESWT_WT
Tags: apt gz Lazarus

Intelligence

File Origin
# of uploads: 1
# of downloads: 125
Origin country: IT
File Archive Information

This file archive contains 4 file(s), sorted by their relevance:

File name: Info.plist
File size: 1'580 bytes
SHA256 hash: ec45e55f3ed3b3d2d640153c93a6c884ca6eaef5185594a13ed0b03e7f38cff0
MD5 hash: 075e4d871cf857d3f05226dd1dfe924f
MIME type: text/xml
Signature: Lazarus

File name: AwesomeTemplate
File size: 20'387'920 bytes
SHA256 hash: 176e8a5a7b6737f8d3464c18a77deef778ec2b9b42b7e7eafc888aeaf2758c2d
MD5 hash: 959e71b8f743a202eb80b65acbb60f7c
MIME type: application/x-mach-binary
Signature: Lazarus

File name: icon.icns
File size: 277'003 bytes
SHA256 hash: 1535d355994f8ee82da91384d2a29e04d5b4440f3e6051b5c8b06e7a62283693
MD5 hash: dc5a81b3939b6d78b1e2b7ac83e330eb
MIME type: image/x-icns
Signature: Lazarus

File name: CodeResources
File size: 2'440 bytes
SHA256 hash: 2922a8d1d9b671dfa060a747efcb3c73f34e4fbd8e7b49adfc642edde7551bfb
MD5 hash: e29193e93e2ece4f1d470770e5dfce76
MIME type: text/xml
Signature: Lazarus
Vendor Threat Intelligence

Threat name: Archive-ZIP.Downloader.Generic
Status: Malicious
First seen: 2024-09-12 02:38:31 UTC
File Type: Binary (Archive)
Extracted files: 11
AV detection: n/a
Threat level: 3/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Detect_PowerShell_Obfuscation
Author: daniyyell
Description: Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name: ldpreload
Author: xorseed
Reference: https://stuff.rop.io/

Rule name: Rustyloader_mem_loose
Author: James_inthe_box
Description: Corroded buerloader
Reference: https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24

Rule name: test_Malaysia
Author: rectifyq
Description: Detects file containing malaysia string

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments