MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e892dbc4036d53ede078f61452515f549d8bac9a471adff6c3a9bad0b99965d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e892dbc4036d53ede078f61452515f549d8bac9a471adff6c3a9bad0b99965d2
SHA3-384 hash: b02c3047c21c6763369466f2fc1e981cbfbba5498dd301c3fa015d7489d0277557a4affb9c46237bd126de3d38e05ce5
SHA1 hash: bdd00a11bf7db90dc008ede421a6a5ef79121fd0
MD5 hash: 64a8038e7c00538cd34ae3f153acac1a
humanhash: quebec-king-glucose-nebraska
File name:SecuriteInfo.com.Mal.Cerber-AL.14582.18383
Download: download sample
File size:195'072 bytes
First seen:2020-05-12 21:48:39 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 23efc172346facf37967104d5fa96d1e
ssdeep 3072:0cVoOL9xRLnQbOrjWQkj1o6JKyk5BcVoOL/cVoOLF6z6CRV:5HRiQ01oPYCFGz
Threatray 1'529 similar samples on MalwareBazaar
TLSH 6814CF2A481EEE4BC4AF377A50333E4786809E250BCFC60599D6DCB8B55B19F251DBC2
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Detection:
Hancitor
Create hunting rule
Link:
https://www.capesandbox.com/analysis/3461/
Detection(s):
SecuriteInfo.com.Mal.Cerber-AL.14582.18383.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Cerber
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 20:12:26 UTC
File Type:
PE (Dll)
AV detection:
20 of 31 (64.52%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
12f87dd075fc12c2b6b15a1eb5ca209ba056bb6aa2feaf3518163192a17a7a3b
1b2094d2d7015ce59416ddaf7a827d03837bde54a330dc5600ceac3f91799559
352daab10d160b6e53685f1eadca2cdfca6e75a4c062129e9f82fae1d89117c9
4270244e30ff3c565651ea2907401210355f0e0da471a9053e42aefd64488031
687bbb360426bced3a9f69df3a4ae321c30c2e6e8cc40bde6b6b7519a6aaab34
a1ea6e27f13d729c388d0cf8a22f07407bf52290d0b68f4d4da1637d3a2b8eea
af85081a6d3c6a59e34ab8c6a49e4d1c1d80b8b6a4417b879b6befa72cc4b997
bd6840cc208517847e130db0c847e715ba80a88e210e6383b37c1d0381877ee5
e52d446a99ecb9ca9f18365bab6f30e2cc1f6a97f668ea6ac38ce2a9b9ae3784
e892e7f5b3919e1c3d92ee26e7b4313e753cad797e3397138a1ccef2b1289b1d
+ 1'519 additional samples on MalwareBazaar
Result
Malware family:
hancitor
Create hunting rule
Score:
  10/10
Tags:
family:hancitor downloader
Link:
https://tria.ge/reports/201109-ec2ndtwlpx/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Suspicious use of SetThreadContext
Looks up external IP address via web service
Hancitor
Hancitor Payload
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll e892dbc4036d53ede078f61452515f549d8bac9a471adff6c3a9bad0b99965d2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/361748/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/3461/
Cape
Cape
https://www.capesandbox.com/analysis/3460/
Cape
Cape
https://www.capesandbox.com/analysis/3457/
Cape
Cape
https://www.capesandbox.com/analysis/3456/

Comments