MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec0dcfe2d8380a4bafadb3ed73b546cbf73ef78f893e32202042a5818b67ce56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YoungLotus


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec0dcfe2d8380a4bafadb3ed73b546cbf73ef78f893e32202042a5818b67ce56
SHA3-384 hash: a43b4ee40e08f8cbbfae716aad869a758c2cdd43c11258a47a986e462bdbeaec3e8dcdfa9d6090727b633c4023e15bdc
SHA1 hash: 3a565d6e6c6a04dec89e8f3074db29fb5e360f74
MD5 hash: 20132985c13d77829de445c42df0e1fa
humanhash: july-blossom-berlin-delta
File name:10000000.dll
Download: download sample
Signature YoungLotus
Create hunting rule
File size:156'672 bytes
First seen:2021-06-02 15:07:30 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash b2eafe5d4b8c52d2ad598c3ccde39584 (2 x YoungLotus)
ssdeep 3072:QSTRXHO5lCOvc4yrDLCNlXOtXazr/tTBfoaDtZ6fD:QS93O5lCOMrDuNlXO1antTBQaDtQr
Threatray 5 similar samples on MalwareBazaar
TLSH 9CE3AF13A74046BEE1A3433D949F5739AAFF7C300A5EE467B3889A0A1CA51DBD314B47
Reporter James_inthe_box
Tags:dll younglotus

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/164089/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
bank.spyw.evad
Score:
96 / 100
Link:
https://www.joesandbox.com/analysis/796039
Signature
Antivirus / Scanner detection for submitted sample
Checks if browser processes are running
Contains functionality to access PhysicalDrive, possible boot sector overwrite
Contains functionality to automate explorer (e.g. start an application)
Contains functionality to capture and log keystrokes
Contains functionality to detect virtual machines (IN, VMware)
Contains functionality to determine the online IP of the system
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates an undocumented autostart registry key
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 428435 Sample: 10000000.dll Startdate: 02/06/2021 Architecture: WINDOWS Score: 96 18 Antivirus / Scanner detection for submitted sample 2->18 20 Multi AV Scanner detection for submitted file 2->20 22 Machine Learning detection for sample 2->22 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 2 7->9         started        12 cmd.exe 1 7->12         started        14 rundll32.exe 7->14         started        signatures5 24 Creates an undocumented autostart registry key 9->24 26 Contains functionality to determine the online IP of the system 9->26 28 Contains functionality to detect virtual machines (IN, VMware) 9->28 30 6 other signatures 9->30 16 rundll32.exe 12->16         started        process6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ec0dcfe2d8380a4bafadb3ed73b546cbf73ef78f893e32202042a5818b67ce56/
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2021-06-02 15:04:18 UTC
File Type:
PE (Dll)
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5qg47ywyhafexl5nwpwxhnkgzp3t554pre7deibaiksydc3hzzla._file
Verdict:
suspicious
Similar samples:
17075832426b085743c2ba811690b525cf8d486da127edc030f28bb3e10e0734
YoungLotus
210990e36122e0facc7c74373569f052fa0651ab06644330fe00b685793ee0fd
YoungLotus
b01719e59675236df1a0e1a78cdd97455c0cf18426c7ec0f52df1f3a78209f65
YoungLotus
be17d0aae808adf3e8030e73726ee59924b9b7bb72163d32cff6848a3c964520
YoungLotus
e52af19dce25d51f9cf258613988b8edc583f7c7e134d3e1b834d9aab9c7c4c4
YoungLotus
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210602-6qw7w1l3q6/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ec0dcfe2d8380a4bafadb3ed73b546cbf73ef78f893e32202042a5818b67ce56

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/164089/

Comments