MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b77dd1dbfede33d9a526773a528ce16e02617325db7ab4c82b9491409a284deb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: b77dd1dbfede33d9a526773a528ce16e02617325db7ab4c82b9491409a284deb
SHA3-384 hash: 67a70388c92547cfc8747bc3f0b74e17001edf21e0ea1b874c33eb2ccee21972fa0af8244d6963448e97b7f009760ca9
SHA1 hash: 502d243f3097eb3edb875048657e99e9c4827a89
MD5 hash: 1d7981ef1474506860fa6ebdb67605f5
humanhash: artist-november-uranus-lion
File name: b77dd1dbfede33d9a526773a528ce16e02617325db7ab4c82b9491409a284deb
File size: 5'295'896 bytes
First seen: 2020-11-10 06:56:09 UTC
Last seen: 2024-07-24 20:41:28 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 73db5c9b52201f07943a77eb03757432 (6 x CobaltStrike, 3 x Riskware.Generic)
ssdeep: 98304:SW1qiPgxn+cuSuxx8Svt73qq36IdKtVxNw6pUkp3bkbRxcUu:53EnsxxDt73DdKrwapwb7u
Threatray: 169 similar samples on MalwareBazaar
TLSH: D73633513490E8B3D46B103D7383C2A5A5F6B4B87B12941637F5AEC9287BFA33636706
Reporter: seifreed

Intelligence


File Origin
# of uploads: 2
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Threat name: Win64.Trojan.SmokeLoader
Status: Malicious
First seen: 2020-11-10 06:59:08 UTC
AV detection: 40 of 48 (83.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: upx
Behaviour
Modifies system certificate store
UPX packed file
Malware Config
C2 Extraction:
http://ns7.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns8.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
http://ns9.softline.top:443/s/ref=nb_sb_noss_1/167-3294888-0262949/field-keywords=books
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
