MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Lazarus


Vendor detections: 8



SHA256 hash: 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641
SHA3-384 hash: 4857eae10ff567401c95de356341c2cbe9e00a5c87f5cb1682378a31a27203bd617aa5394b86f2a44980b4c7ba6771ff
SHA1 hash: ec8d7264953b5e9e416b7e8483954d9907278f2f
MD5 hash: 48971e0e71300c99bb585d328b08bc88
humanhash: cold-march-burger-uranus
File name: 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641.bin
Signature: Lazarus
File size: 609'008 bytes
First seen: 2021-02-18 01:36:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 1513eba25694f99cecbcdc6cb414f6bd (1 x Lazarus)
ssdeep: 12288:VhOHEwPzMEoJ1BpfYYPmrv3l1dxs6GWRGuGTi2euRBFXTnn8HPIRlxhD44ENrYAt:zOHEwPzMEoJ1BpfYYPmrv3l1dxs6GWRz
TLSH: 42D4183066BAC533E091F17388DED579024C5E7B43868FDBB7D917065C9B0C62A39CAA
Reporter: Arkbird_SOLG
Tags: apt, Lazarus, signed

Code Signing Certificate

Organisation: JMT TRADING GROUP INC
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2019-07-12T00:00:00Z
Valid to: 2020-07-11T23:59:59Z
Serial number: 913ba16962cd7eee25965a6d0eeffa10
Intelligence: 3 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: 8daef9542ae2999787627cf1f53857c4c0cff9dfa024c8af35d3488245be7de6
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 1
# of downloads: 171
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641
Verdict: No threats detected
Analysis date: 2019-10-14 22:01:39 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Behaviour
Sending a UDP request

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Submitted sample is a known malware sample

Threat name: Win32.Backdoor.Applejeus
Status: Malicious
First seen: 2019-10-10 17:17:29 UTC
File Type: PE (Exe)
AV detection: 33 of 48 (68.75%)
Threat level: 5/5
Verdict: malicious

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: 9bf8e8ac82b8f7c3707eb12e77f94cd0e06a972658610d136993235cbfa53641
MD5 hash: 48971e0e71300c99bb585d328b08bc88
SHA1 hash: ec8d7264953b5e9e416b7e8483954d9907278f2f
Detections: win_applejeus_auto
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
