MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: LemonDuck

Vendor detections: 4

SHA256 hash: dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd
SHA3-384 hash: d1ed6377b1eab5eb23e4e20a47d0130359d07473c2bbb158c26a7648b6391bf9ac830996864e9412f684a9aeb4276eb7
SHA1 hash: dcb9118569388375b855e965a587440f069e68c9
MD5 hash: c914cd653e0e3dedc050e182b04d0877
humanhash: stream-india-fix-earth
File name: readme.js
Signature: LemonDuck
File size: 9'330 bytes
First seen: 2021-03-18 18:15:52 UTC
Last seen: Never
File type: JavaScript (JS)
MIME type: text/plain
ssdeep: 24:QCe1Amig4i3k0VCEb2EkZNvL4DXgISOAhB:8biS3k0VCEbZoNj4rG
TLSH: 2212452337E95304B0F20AC9987319754F2B7A58A93E9EC806EC540C1BE3E5488A5BE7
Reporter: abuse_ch
Tags: js, LemonDuck


abuse_ch
Malspam distributing LemonDuck:

HELO: platinum.bah.in
Sending IP: 216.172.109.173
From: <store@shpcl.com>
Subject: What the fcuk
Attachment: readme.zip (contains "readme.js")

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 2'044
Origin country: n/a

Vendor Threat Intelligence
Threat name: Script-JS.Trojan.Wacatac
Status: Malicious
First seen: 2021-03-18 18:16:12 UTC
AV detection: 19 of 47 (40.43%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a

Behaviour
- Opens file in notepad (likely ransom note)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Enumerates physical storage devices
- Program crash
- Blocklisted process makes network request

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Malspam (distributed via e-mail attachment)
Signature: LemonDuck
File type: JavaScript (JS)
SHA256: dc612f5c0b115b5a13bdb9e86f89c5bfe232e5eb76a07c3c0a6d949f80af89fd (this sample)