MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09
SHA3-384 hash: 93b5aca70ee37052f341abfcfc2176422d6684226649c599a23b68dc9f8e5441d226f85b589f75265df88cf3a74955be
SHA1 hash: a3cc94307e3ea87aa064e85f3049120e18532aca
MD5 hash: c94ad1dde4d4a46c67d38635180df7c3
humanhash: five-mississippi-mississippi-cup
File name:c94ad1dde4d4a46c67d38635180df7c3
Download: download sample
File size:3'463'168 bytes
First seen:2022-07-14 05:22:09 UTC
Last seen:2022-07-15 04:05:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 32c00243248766c78e518933e661bd05
ssdeep 49152:2GtlquqIU6iidwFQE2CReGRUzo4mW0Uu33cEFCUsDKZvgvwUBsdmbHLhmiPI5lw3:f+idaoGRU8pP0ko+dmHAP5lc
Threatray 6 similar samples on MalwareBazaar
TLSH T152F5AE52A7A400E8D8B7C138C9568627E7F2B85513B09BDB06B4C6790F23BE16E3F751
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Reporter openctibr
Tags:exe OpenCTI.BR Sandboxed

Intelligence

File Origin
# of uploads :
3
# of downloads :
162
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/288151/
Detection(s):
SecuriteInfo.com.Variant.Lazy.149205.21990.10951.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
DNS request
Running batch commands
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/62cfa83e0b00dfa734ee48b4/reports/49d1bd34-0143-4317-ab27-fa98a2734731/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f84b6cff-f356-4593-a0bc-199ac620be39
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1031988
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Potentially malicious time measurement code found
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09/
Threat name:
Win64.Trojan.Tiggre
Create hunting rule
Status:
Malicious
First seen:
2022-06-23 18:59:03 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
16 of 26 (61.54%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3uwhssi2krtk55m66hm3ism6vueajzbmkjfginljzj5ijalur4eq._file
Verdict:
malicious
Similar samples:
36e08c2df39cd84d8969a95de6a6882fbc954e7ca31a5a5d4be8ec33cfa84649
61f1194b2b3a4dc3b4861a5a61c8dc58bce93a0ad0b18f61c8d66dbdbc04972c
73e926ed57eae4d7da49906fc5a8a0cc9507c5e3481e1146be98aaa1514773fc
afa9cfebde15f911aa345d129893fa0efcff73cb3b19fcd1ff39a252f7ac9496
c39778737ab289b8253a0c33f9fb9a0fd23492d2a0679d1759180b93ce110899
fb2604c4774fabb3c38cdaa40c46cde673cb98ac2bd58c46fc9a447849aaffb7
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220714-f2njwafedm/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09
MD5 hash:
c94ad1dde4d4a46c67d38635180df7c3
SHA1 hash:
a3cc94307e3ea87aa064e85f3049120e18532aca
Link:
https://www.unpac.me/results/ea981d9f-4ae2-4985-b599-4b7c1533e3c2/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dd2c79491a5466aef59ef1d9b4499ead0804e42c524a643569ca7a8481748f09

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2234173/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/288151/

Comments