MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 95347bea5432c09cc216f5db771b956eb78a43139789036af9446139967b1c7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5



SHA256 hash: 95347bea5432c09cc216f5db771b956eb78a43139789036af9446139967b1c7f
SHA3-384 hash: 27db73163b79c2ebf9be7a7bab515341215e762998fa0b180effa8760122ad4e350e91770a4dfa9f18106ca46c64d8b7
SHA1 hash: e38e6555bf3d01eb3fa2cee3f3a75128728f2dc2
MD5 hash: 411074a668721b9fe2ef22197e9f7e48
humanhash: artist-july-bravo-johnny
File name: 95347bea5432c09cc216f5db771b956eb78a43139789036af9446139967b1c7f.dll
File size: 1'702'400 bytes
First seen: 2021-10-27 23:39:16 UTC
Last seen: 2021-10-28 01:10:54 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2869cb885758b15d003acb119f131468 (6 x BazaLoader, 3 x CobaltStrike, 1 x IcedID)
ssdeep: 24576:yarBYucHPcCsi/GkU1C2LRB+HbkZ7TCYzaIXM:tYuegAGkU1CIu7wTC
Threatray: 14 similar samples on MalwareBazaar
TLSH: T11A755A13B8D204BBC5BAE130845293617A327CB547312FD72E94BAAA5E75BD82F3D314
Reporter: Anonymous
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 97
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean

Maliciousness
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug monero
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Antivirus / Scanner detection for submitted sample
Behaviour
Behavior Graph: [graph image not recoverable; details recoverable from the page: Behavior Graph ID 510619, sample GrOGLnKDs6.dll, start date 28/10/2021, architecture WINDOWS, score 48; DNS/IP nodes prda.aadg.msidentity.com and clientconfig.passport.net; signature "Antivirus / Scanner detection for submitted sample"; process tree: loaddll64.exe started cmd.exe, two rundll32.exe instances and 4 other processes; cmd.exe started rundll32.exe]
Threat name: Win64.Trojan.WinGoKryptik
Status: Malicious
First seen: 2021-10-27 21:21:20 UTC
AV detection: 6 of 28 (21.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 95347bea5432c09cc216f5db771b956eb78a43139789036af9446139967b1c7f
MD5 hash: 411074a668721b9fe2ef22197e9f7e48
SHA1 hash: e38e6555bf3d01eb3fa2cee3f3a75128728f2dc2
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: GoBinTest
Rule name: GoBinTest
Rule name: golang
Rule name: golang
Rule name: INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Author: ditekSHen
Description: Detect executables with stomped PE compilation timestamp that is greater than local current time

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments