MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8efa0caae331cfcff5ec198ccf240a73821ff2b3fc8e862c5c633404fac4d87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TA505


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c8efa0caae331cfcff5ec198ccf240a73821ff2b3fc8e862c5c633404fac4d87
SHA3-384 hash: 6689f0b3457662a82ca5cfa1b225c27e3a6f4a2edb546736b1cc2120f7647e65e74c84ce67e691ff07fb0dbc0315540a
SHA1 hash: 84c5c69f420c63d69909b9297d9edc276bbc0596
MD5 hash: 9dee88a55d8e47e855227ba29780ef92
humanhash: december-carolina-pizza-happy
File name:srt_join2.dll
Download: download sample
Signature TA505
Create hunting rule
File size:274'320 bytes
First seen:2020-08-19 14:16:15 UTC
Last seen:2020-10-11 05:13:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 181694c27bbcd649ceea029288306695 (1 x TA505)
ssdeep 6144:v33/+wHELy63XVab9UjyPIqGtK+8hzwsqCSMFaW0q:f3/+wH4ZIhUjyvG8+8tqCL9
Threatray 5 similar samples on MalwareBazaar
TLSH F944CFFBDB73A2E5D869847190A1353F3F3A3B14822C896E47905B418F57AB0DCF8589
Reporter James_inthe_box
Tags:dll signed TA505

Code Signing Certificate

Organisation:INFINITE PROGRAMMING LIMITED
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:2020-07-27T00:00:00Z
Valid to:2021-07-27T23:59:59Z
Serial number: 4e8d4fc7d9f38aca1169fbf8ef2aaf50
Intelligence: 10 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 88db68f95a221348c630e175c18b9e8aa4b103b9ab89a29142c3a06a47f90c99
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
82
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/48620/
Detection(s):
SecuriteInfo.com.Generic.mg.9dee88a55d8e47e8.15758.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
0 / 100
Link:
https://www.joesandbox.com/analysis/438440
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c8efa0caae331cfcff5ec198ccf240a73821ff2b3fc8e862c5c633404fac4d87/
Threat name:
Win64.Trojan.Gangola
Create hunting rule
Status:
Malicious
First seen:
2020-08-19 12:10:27 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
714e660b728139817055b394231162a7cbe2198ba6662c8450f18e69d0db4402
TA505
803df5563322ce783b5dd6dc8349b231efca92c8a14ddc7b45c107891e939dcf
TA505
edd98c786c6e3a65897d93235b833dd4c19b07cfc83ee6210e7366d1159df2cb
TA505
f2533afe59d0a7eca33e3b73190ec28c1b118e77406e2034d115171cef3bd247
TA505
f7125019233ca9714d5b2b16ef66119c37bc9033597f0c39e9defa1dc0f5c1df
TA505
Result
Malware family:
n/a
Score:
  10/10
Tags:
loader
Link:
https://tria.ge/reports/200819-36yp3z1eha/
Behaviour
TA505 Loader
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c8efa0caae331cfcff5ec198ccf240a73821ff2b3fc8e862c5c633404fac4d87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/48620/

Comments