MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edd98c786c6e3a65897d93235b833dd4c19b07cfc83ee6210e7366d1159df2cb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


TA505


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edd98c786c6e3a65897d93235b833dd4c19b07cfc83ee6210e7366d1159df2cb
SHA3-384 hash: fea909e82205192ffad851e54faa39c7b7ca5e8a8a4593bcb71e2cd21463103da2090f247ade9c2c833119c5594f7e1c
SHA1 hash: ac3300f216e770323cd20ac1510a4b3f6a8ff739
MD5 hash: 117c0337b6578452501ba2a8a462c344
humanhash: nitrogen-lake-oklahoma-lithium
File name:srt_join2.dll
Download: download sample
Signature TA505
Create hunting rule
File size:277'392 bytes
First seen:2020-08-21 11:36:37 UTC
Last seen:2020-10-11 05:14:09 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d8d797fe8559ad3ba212d07fca57fc0b (2 x TA505)
ssdeep 6144:ucSkMjp85VLFVBsyDporTCW0UuhF9JseWUTHUFc:ulkMjm5HVSwpjW0Xr9bLn
Threatray 5 similar samples on MalwareBazaar
TLSH 1A44C0DBCB23F2DCF9A6D6B4A8507233BE613D18912C85E9A3904F914B07654D8FD398
Reporter James_inthe_box
Tags:dll TA505

Code Signing Certificate

Organisation:INFINITE PROGRAMMING LIMITED
Issuer:Sectigo RSA Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Jul 27 00:00:00 2020 GMT
Valid to:Jul 27 23:59:59 2021 GMT
Serial number: 4E8D4FC7D9F38ACA1169FBF8EF2AAF50
Intelligence: 10 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 88DB68F95A221348C630E175C18B9E8AA4B103B9AB89A29142C3A06A47F90C99
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
3
# of downloads :
103
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/49538/
Detection(s):
SecuriteInfo.com.Generic.mg.117c0337b6578452.26825.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
0 / 100
Link:
https://www.joesandbox.com/analysis/444087
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/edd98c786c6e3a65897d93235b833dd4c19b07cfc83ee6210e7366d1159df2cb/
Threat name:
Win64.Trojan.GraceWire
Create hunting rule
Status:
Malicious
First seen:
2020-08-21 11:36:12 UTC
File Type:
PE+ (Dll)
Extracted files:
2
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
714e660b728139817055b394231162a7cbe2198ba6662c8450f18e69d0db4402
TA505
803df5563322ce783b5dd6dc8349b231efca92c8a14ddc7b45c107891e939dcf
TA505
c8efa0caae331cfcff5ec198ccf240a73821ff2b3fc8e862c5c633404fac4d87
TA505
f2533afe59d0a7eca33e3b73190ec28c1b118e77406e2034d115171cef3bd247
TA505
f7125019233ca9714d5b2b16ef66119c37bc9033597f0c39e9defa1dc0f5c1df
TA505
Result
Malware family:
n/a
Score:
  10/10
Tags:
loader
Link:
https://tria.ge/reports/200821-nj66ct54ke/
Behaviour
TA505 Loader
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/edd98c786c6e3a65897d93235b833dd4c19b07cfc83ee6210e7366d1159df2cb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/49538/

Comments