MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32
SHA3-384 hash: 53e8a21b9cb91e6f309d9435b6bd50703fbac4c4141440bb82139deb55a9f523ab841533656001288ed4122fc6dc9123
SHA1 hash: 5d435c8eb4c34f713dbc28d1b3852e55ccb30b30
MD5 hash: 5bc9e1ae539728e7568e3f149c2da61b
humanhash: muppet-lithium-two-magazine
File name: 9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32
File size: 108'032 bytes
First seen: 2021-05-19 10:56:35 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: e84ab737f2ea0b3a0c0a9b27bfb639fa
ssdeep: 1536:U0l/48HkDEksuYCLRgE6F75UNvLsX1N6QWHsWETcd3bWMqcRYoQS:U0l/bu7Rgb75U9U6Ui3iLcRYol
TLSH: F0B37B01B1D1C072D4BF693D0474EA615B7E7970DF61AE9B77A4123A0EB42E0AE35E23
Reporter: j_dubp

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a UDP request
Enabling autorun by creating a file
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph (ID 417230, sample H67zHfk1w1, start date 19/05/2021, architecture WINDOWS, score 64; the rendered graph is not reproduced here, only the process tree, network destination and signatures it contained):
Root signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample
Process tree:
  loaddll32.exe
    rundll32.exe (connects to allgraphicart.com; signatures: System process connects to network (likely due to code injection or exploit); Contains functionality to compare user and computer (likely to detect sandboxes))
    cmd.exe
      rundll32.exe (connects to allgraphicart.com)
    rundll32.exe
  rundll32.exe
    rundll32.exe
  rundll32.exe
    rundll32.exe
Network destination: allgraphicart.com, 155.138.135.1, TCP port 443 (source ports 49691, 49692), AS-CHOOPAUS, United States
Threat name: Win32.Adware.RedCap
Status: Malicious
First seen: 2021-05-15 08:13:10 UTC
AV detection: 23 of 47 (48.94%)
Threat level: 1/5
Verdict: malicious
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Modifies system certificate store
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
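
As an added worked example (not MalwareBazaar's code, nor the reporter's): a Python script that pins a downloaded sample to every digest in this entry, then matches the sandbox's network IOC (allgraphicart.com, 155.138.135.1:443) and its rundll32.exe process tree against process and network events. The stand-in sample bytes and the event records are constructed for the example; the Event class, its field names and the SUSPECT_PARENTS set are assumptions for illustration, not a real telemetry schema.

```python
"""Verify a sample against this MalwareBazaar entry and match its IOCs.

Added example, not MalwareBazaar code. Hash, size and network values are
copied from the entry above; the sample bytes and the event records are
constructed stand-ins so the script runs offline.
"""
import hashlib
from dataclasses import dataclass

# Digests and size as listed in the entry (imphash/ssdeep/TLSH need the
# pefile/ssdeep/tlsh packages and are left out here).
ENTRY = {
    "sha256": "9362425ae690b5bf74782eafe959195f25ac8bad370794efd4a08048141efb32",
    "sha3_384": "53e8a21b9cb91e6f309d9435b6bd50703fbac4c4141440bb82139deb55a9f523ab841533656001288ed4122fc6dc9123",
    "sha1": "5d435c8eb4c34f713dbc28d1b3852e55ccb30b30",
    "md5": "5bc9e1ae539728e7568e3f149c2da61b",
    "size": 108032,
}
# Network destination from the sandbox behaviour graph.
NETWORK_IOC = {"domain": "allgraphicart.com", "ip": "155.138.135.1", "port": 443}
# Parents that spawned rundll32.exe in the behaviour graph (assumed set for this example).
SUSPECT_PARENTS = {"loaddll32.exe", "cmd.exe", "rundll32.exe"}


def file_hashes(data: bytes) -> dict:
    """Compute the digests MalwareBazaar lists for a sample, plus its size."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "size": len(data),
    }


def verify_sample(data: bytes, entry: dict = ENTRY) -> list:
    """Return the entry fields the sample does NOT match (empty list means a full match).

    All four digests are compared, not only MD5/SHA1: those two are
    collision-prone, so a sample should be pinned by SHA256 (and SHA3-384) too.
    """
    computed = file_hashes(data)
    return sorted(name for name, expected in entry.items() if computed[name] != expected)


@dataclass
class Event:
    """Minimal process/network event (constructed schema, not a real EDR format)."""
    kind: str            # "process" or "network"
    image: str           # executable that performed the action
    parent: str = ""     # parent process image
    dest_host: str = ""  # resolved hostname, if the sensor recorded one
    dest_ip: str = ""
    dest_port: int = 0


# Constructed events loosely following the sandbox process tree; not real telemetry.
EVENTS = [
    Event("process", "rundll32.exe", parent="loaddll32.exe"),
    Event("network", "rundll32.exe", parent="loaddll32.exe",
          dest_host="allgraphicart.com", dest_ip="155.138.135.1", dest_port=443),
    Event("network", "chrome.exe", parent="explorer.exe",
          dest_host="example.org", dest_ip="93.184.216.34", dest_port=443),
    Event("network", "rundll32.exe", parent="cmd.exe",
          dest_ip="155.138.135.1", dest_port=443),   # no DNS record captured
    Event("process", "rundll32.exe", parent="explorer.exe"),
]


def match_iocs(events, ioc: dict = NETWORK_IOC) -> list:
    """Return (event index, reasons) for every network event touching the entry's IOC.

    Domain and IP:port are checked independently because a sensor may log a
    direct-to-IP connection without a hostname, and the IP may rotate while
    the domain stays the same (or vice versa).
    """
    hits = []
    for idx, ev in enumerate(events):
        if ev.kind != "network":
            continue
        reasons = []
        if ev.dest_host and ev.dest_host.lower() == ioc["domain"]:
            reasons.append("domain")
        if ev.dest_ip == ioc["ip"] and ev.dest_port == ioc["port"]:
            reasons.append("ip:port")
        if not reasons:
            continue
        # The sandbox flagged "System process connects to network": record when the
        # connecting rundll32.exe was spawned by one of the graph's parents.
        if ev.image.lower() == "rundll32.exe" and ev.parent.lower() in SUSPECT_PARENTS:
            reasons.append("rundll32-from-" + ev.parent.lower())
        hits.append((idx, reasons))
    return hits


if __name__ == "__main__":
    stand_in = b"MZ" + b"\x00" * 62  # constructed bytes, not the real sample
    print("mismatched fields:", verify_sample(stand_in))
    for idx, reasons in match_iocs(EVENTS):
        print(f"event {idx}: {', '.join(reasons)}")
```

Against the real sample, `verify_sample` returns an empty list only when the size and all four digests agree with the entry; a match on MD5 or SHA1 alone is not treated as sufficient. The IOC matcher deliberately reports the direct-to-IP connection (event 3) even though no hostname was logged, which is the case a domain-only blocklist misses.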

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-19 10:59:28 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0030.002] Command and Control::Receive Data
1) [C0002.012] Communication Micro-objective::Create Request::HTTP Communication
2) [C0002.017] Communication Micro-objective::Get Response::HTTP Communication
3) [C0002.004] Communication Micro-objective::Open URL::HTTP Communication
4) [C0052] File System Micro-objective::Writes File
5) [C0040] Process Micro-objective::Allocate Thread Local Storage
6) [C0038] Process Micro-objective::Create Thread
7) [C0041] Process Micro-objective::Set Thread Local Storage Value
8) [C0018] Process Micro-objective::Terminate Process