MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f423bd6daae6c8002acf5c203267e015f7beb4c52ed54a78789dd86ab35e46c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: f423bd6daae6c8002acf5c203267e015f7beb4c52ed54a78789dd86ab35e46c6
SHA3-384 hash: 050b06a19185b04f49c0e3102cc86068f3bf65bf76ce9ce31ae44daf827a9eb9d45c46f61392a3e593b8122b10959c84
SHA1 hash: a93d0f59b3374c6d3669a5872d44515f056e9dbf
MD5 hash: e7e4878847d31c4de301d3edf7378ecb
humanhash: march-echo-washington-edward
File name: eediwjus.dll
File size: 5'632 bytes
First seen: 2022-01-01 08:09:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 96:qUG6xykl2J6lc5irN3qjNu47Ru/8IAgecgKDD:qsQMl0u3qjA47RuZAhk
Threatray: 15 similar samples on MalwareBazaar
TLSH: T16AC16C06D61191A5C909C578BE134AF14E8C8CA03BC9D0A86A59E7ADF444821CB83CAA
Reporter: JAMESWT_WT
Tags: AppX exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 127
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: eediwjus.dll
Verdict: No threats detected
Analysis date: 2022-01-01 08:12:48 UTC
Tags: n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending a custom TCP request
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 64 / 100
Signature
Multi AV Scanner detection for submitted file
Rundll32 performs DNS lookup (likely malicious behavior)
Sigma detected: Suspicious Call by Ordinal
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
[Behavior graph, ID 546900. Sample: eediwjus.dll; Startdate: 01/01/2022; Architecture: WINDOWS; Score: 64. Process tree: loaddll64.exe started rundll32.exe, cmd.exe and a second rundll32.exe; cmd.exe started a third rundll32.exe. Each rundll32.exe process shows a DNS lookup for iffault.monster.]
Threat name: Win64.Ransomware.Convagent
Status: Malicious
First seen: 2021-12-31 02:59:18 UTC
File Type: PE+ (Dll)
AV detection: 16 of 28 (57.14%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: f423bd6daae6c8002acf5c203267e015f7beb4c52ed54a78789dd86ab35e46c6
MD5 hash: e7e4878847d31c4de301d3edf7378ecb
SHA1 hash: a93d0f59b3374c6d3669a5872d44515f056e9dbf
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
