MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bff33dc4020ac8eeb354eb4a20f241f0bef6e1f15c029ba33b2350d84e8de42a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Valak


Vendor detections: 3



SHA256 hash: bff33dc4020ac8eeb354eb4a20f241f0bef6e1f15c029ba33b2350d84e8de42a
SHA3-384 hash: 475b3751325f756efe520346252c0346e074367d658ac27f4c6141c21f27602aca8388d708560f93c153ae2a7da8b7dc
SHA1 hash: afd468cf7c2302fa07ac8691e03997b953836287
MD5 hash: 0790e65e6925fc63a75856c0b4c0cd65
humanhash: nine-charlie-emma-nitrogen
File name: 1
Signature: Valak
File size: 312'832 bytes
First seen: 2020-07-02 10:40:56 UTC
Last seen: 2020-07-02 12:09:51 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash 2e8073b7a85a9030756e1e297158075a (1 x Valak)
ssdeep 3072:CIlqdfsSBbLL1lNkvSODbTmn6yjtNCnWTj+wL7Vo6OJew6XTDn0S6GGPqNB3fYp7:d0BbNlNcaT4SjvBNnx26B3wpa
Threatray 321 similar samples on MalwareBazaar
TLSH ED64BF3D71D9A036D17E42398975D93446FDBC218B2FCB4B77C84E1F0A72780662A7A2
Reporter JAMESWT_WT
Tags: Valak

Intelligence


File Origin
# of uploads: 2
# of downloads: 1'877
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Worm.Cridex
Status: Malicious
First seen: 2020-07-01 01:11:46 UTC
File Type: PE (Dll)
AV detection: 21 of 28 (75.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.