MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 94746ac2df9974eeb567f552a74aa0c2329e60416f3232b85f11ca1a0e0b696b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 94746ac2df9974eeb567f552a74aa0c2329e60416f3232b85f11ca1a0e0b696b
SHA3-384 hash: 789c5ce30c8f8522b0ad66503604c93e41ee69e05b7d49b3f7743ba085c3efe3669d9d1c826f64cad5d7049eed26fbc9
SHA1 hash: bda57227822662eff53d46ccd166ec01e5037544
MD5 hash: 78eefbf9b47850d337b85eaef335e9f9
humanhash: mountain-wyoming-harry-network
File name:mmm.dll
Download: download sample
File size:292'864 bytes
First seen:2020-05-12 04:25:55 UTC
Last seen:2020-05-12 04:44:31 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 74b799c824380dd2d9e31c6a52e3d368
ssdeep 3072:fziN8E61w/K2e2Sue2bYSmFG/8UlcIhqzZMUIBevpTJ/Fi/GTpULC1G/iQ:+iEn/Ky+2b+k8UKIkdMUIBoBiOp2KQ
Threatray 34 similar samples on MalwareBazaar
TLSH 0A541247D712919BD4FB5A306AEC1420473D87AF4F2600CAE79E0D6C7A3369D45B12AE
Reporter JoulK
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
75
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33789945.25704.8574.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Darkvnc
Create hunting rule
Status:
Malicious
First seen:
2020-05-05 15:43:09 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
22 of 31 (70.97%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
02ed63cbeaf40a7221a007c8fd3641de0406943ac82f49cc5b3e85cfa0e17ec3
07fd393e36e2519dda8edff80b6c629347586a628d70103d0cb425ba5c6cd0b9
26cb425375a7613736c367866d0b79b8b7d8845437ec88e87bc83146445f892e
2a0ff145da991dbd3443cc260e9e8dcb9bcd61ec6868d80b81c77145eddc44a8
40ac8e128b78d30d49accda865a6ca90a23cf7b7e5f31042c7df55a9fe1b5af4
50ca73e510646ea1534f248099ce844f7f6178adb93055f8459ec07645f48e79
7eaf1d4d20b405c4cc1209b5c2c3a63f2db9201b09e33979b9677738150a94bd
b1edf0682b7141bf0f7bc1f18a02e74d3b81e2d03aa7427d81761267eabb57d5
b3d36e86a478b5223968e34ca51bff54002eb9b1a01ef26d8b657d49dd4dd831
e2d6b8bc603260f1a7564a044523d230c31c8d873deabb579cae90b88f1b92b9
+ 24 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-qfnwd791p2/
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
ServiceHost packer
Suspicious use of NtCreateProcessExOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 94746ac2df9974eeb567f552a74aa0c2329e60416f3232b85f11ca1a0e0b696b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/361256/
  
Delivery method
Distributed via web download

Comments