MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb6aed55da4225ebf59c253940fd805326b404da3986b75db64cc2ea9c5a40df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: bb6aed55da4225ebf59c253940fd805326b404da3986b75db64cc2ea9c5a40df
SHA3-384 hash: 026ef15ebd994b6b8c1ed7d02752cd377ad0818af49670db362128802839bce1b6254e79f1db23075744b0f03ee1676e
SHA1 hash: 44543d7d95c7ce4284544b1177bc4953dbba902d
MD5 hash: 82fcb18a01c9e21719d5d72020319b9e
humanhash: enemy-bulldog-bluebird-minnesota
File name: INETCFG.dll
File size: 221'696 bytes
First seen: 2022-06-07 10:44:16 UTC
Last seen: 2022-06-07 12:07:12 UTC
File type: DLL dll
MIME type:application/x-dosexec
imphash 33a10e400d54466342b034a02982fc21
ssdeep 3072:Ens8LbJEU5GmnUIYP7nIAVk+6HnAYnRQg0Hq4PM0Xp6/rmI9IxFCBfjNDFE:UtRGmFYP7nIqklHntnmg5caOCxhF
Threatray 16 similar samples on MalwareBazaar
TLSH T1862412BEE0BB69C8FBF6B470978257D9D061B906C32C025948EF45B9062E544872F1AF
TrID 50.8% (.EXE) Win32 EXE PECompact compressed (v2.x) (59069/9/14)
35.7% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
4.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
3.8% (.EXE) Win32 Executable (generic) (4505/5/1)
1.7% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter obfusor
Tags: dll

Intelligence


File Origin
# of uploads: 2
# of downloads: 220
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: packed wacatac
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
Creates an autostart registry key pointing to binary in C:\Windows
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Behaviour
[Behavior graph: ID 640546; sample INETCFG.dll; start date 07/06/2022; architecture WINDOWS; score 56. Processes shown: loaddll32.exe, rundll32.exe, cmd.exe.]
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2022-06-05 04:31:53 UTC
File Type: PE (Dll)
Extracted files: 1
AV detection: 14 of 41 (34.15%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Suspicious use of WriteProcessMemory
Adds Run key to start application
Unpacked files
SHA256 hash: bb6aed55da4225ebf59c253940fd805326b404da3986b75db64cc2ea9c5a40df
MD5 hash: 82fcb18a01c9e21719d5d72020319b9e
SHA1 hash: 44543d7d95c7ce4284544b1177bc4953dbba902d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
