MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98005f1311cb9e67fde35c40b00e63a795682eff5d691c4af4e32b9fd9141e00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98005f1311cb9e67fde35c40b00e63a795682eff5d691c4af4e32b9fd9141e00
SHA3-384 hash: 811cd7169c59daa9cee1a15d45fa8341d130432aa6ae6e84240deecbbdd7a43d18ee776e3d1da571e203d939d4af2117
SHA1 hash: 57205aba7c78f0ef26607a3886c337729e42a958
MD5 hash: 88058f0cf7e0b4ff651bb2f2e4e6a668
humanhash: winter-leopard-foxtrot-kentucky
File name:88058f0cf7e0b4ff651bb2f2e4e6a668
Download: download sample
File size:1'166'024 bytes
First seen:2020-11-17 12:46:12 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 24576:PKTDlAAkg/KdFlY0K24MYkJTwbM8Ma9yklGk243fOuV/dwSSJvy:whABg/KDlYv2BlwfvQcndbD
Threatray 3 similar samples on MalwareBazaar
TLSH A245F18577E94112C69EF37582A2036D3B70420BBA1397A7D8A410BC0CB77DB794EDA7
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Browsefox-9778195-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/98005f1311cb9e67fde35c40b00e63a795682eff5d691c4af4e32b9fd9141e00/
Threat name:
Win32.PUA.BrowseFox
Create hunting rule
Status:
Malicious
First seen:
2016-12-07 16:45:45 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  1/5
Verdict:
unknown
Similar samples:
54d7969a09d2ad3dcf82a96a0fce4e3fc5bbb6ee26d01a0b8517f364b5431217
5b32b25c28c5b99c080f8b452c2b5b5e95d2d23432ea8191069f46f7b4835d44
c07d9b494ee6dad4baa8ad39b37af05488278e8823b81feab25f359ccdc390bd
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-dczgyvtskx/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
98005f1311cb9e67fde35c40b00e63a795682eff5d691c4af4e32b9fd9141e00
MD5 hash:
88058f0cf7e0b4ff651bb2f2e4e6a668
SHA1 hash:
57205aba7c78f0ef26607a3886c337729e42a958
Link:
https://www.unpac.me/results/8e8c4662-b7cd-4624-bc22-7b2d7e98d455/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments