MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dec66b4f3cf3475a91d972d4820cc6ccd75477075184bec61840d1b051d0e1cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dec66b4f3cf3475a91d972d4820cc6ccd75477075184bec61840d1b051d0e1cc
SHA3-384 hash: d5fcbe5c67945c961a3d1929ef9b8468474f502b35dfacf3ff57e3bc29c6515fe8e7fcc8f381de6609743049594cdef4
SHA1 hash: 02c6c43027f7f53d7e13aa788c53cbf4c3aba529
MD5 hash: ab68c8c417e434b6340d281dbc3e50dc
humanhash: video-jig-hot-muppet
File name:seminar0810.dll
Download: download sample
File size:118'784 bytes
First seen:2020-10-08 16:54:07 UTC
Last seen:2020-10-08 17:37:45 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 1536:BhzE5piRCIbxU7tnv0rrIcbAGkGFnZWe3tEScTmnWyZAhWsrbTrs5ASCMKgH5SIz:U5pD6rFsiZWeCSc5yihl3saHMHkIz
Threatray 40 similar samples on MalwareBazaar
TLSH BAC33902FBA7E1A5D02AC53503E67132F8753C26D479FEEE875053565A24FB0A7AE320
Reporter James_inthe_box
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/69309/
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
DNS request
Sending a custom TCP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/485818
Signature
Multi AV Scanner detection for submitted file
Tries to resolve many domain names, but no domain seems valid
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dec66b4f3cf3475a91d972d4820cc6ccd75477075184bec61840d1b051d0e1cc/
Threat name:
Win64.Trojan.Mansabo
Create hunting rule
Status:
Malicious
First seen:
2020-10-08 16:53:53 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1d20f089698311891fac0a5cc2f3ecbfc1ce8e38d5e75a8a55b822324e8b1d35
2d02e69bdb215434458e28a4a8b2ccab2d2f4c176a175043e35284819aecd6db
7ab6936ad40377ecea070401a55ef15033c9ee2e441a2aaa0dc963a081502761
9d6bc6e4160de2b643944978e6417707742e0d289dbf967bac789d79b67c920c
a270b677976266c10d5f062135372fd3f848f4b4dcfeaedd249d5069dc9e962e
b16b088a2a3eb51d7ac1474e8de37a88a5f5b5db2ffaa6fe25457ca5a2688796
b44cd4e38caab3aec3cd634a10f62e36021628ae9a16c0a577ce011fcf22b46f
c7d7e6c6dc477e5fdb2b2a26eed1b53e77d455dbec8df800927a5bae69a2cc10
c8989c184174f25a13a23242d9e7d2c99f74ca9e283d1d4b1ad642bdcb89ba63
fcb6176fe71dbce1d5474b52e65726dfd4687c6b72f31e7099ac5d79328f681e
+ 30 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201008-7ql28akhse/
Behaviour
Modifies system certificate store
Unpacked files
SH256 hash:
dec66b4f3cf3475a91d972d4820cc6ccd75477075184bec61840d1b051d0e1cc
MD5 hash:
ab68c8c417e434b6340d281dbc3e50dc
SHA1 hash:
02c6c43027f7f53d7e13aa788c53cbf4c3aba529
Link:
https://www.unpac.me/results/e6968cb9-fc63-48cf-b237-87611daf62a3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.98
Link:
https://yomi.yoroi.company/submissions/dec66b4f3cf3475a91d972d4820cc6ccd75477075184bec61840d1b051d0e1cc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/69309/

Comments