MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Valak


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2
SHA3-384 hash: 3ddd1bde0380223bdc4e24fda6f4421d312e0cb6cd2bb4674431eabc07dfdeb39df52854d57d763cf62611b4bae21104
SHA1 hash: 1bbd1028c1e380abd061355ba4d81075d2c34803
MD5 hash: dfa5e4fd4ec7c885aec6150c8723b813
humanhash: winter-leopard-network-quebec
File name:response.bin
Download: download sample
Signature Valak
Create hunting rule
File size:316'416 bytes
First seen:2020-06-30 15:57:11 UTC
Last seen:2020-06-30 16:47:40 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash d831b3fc1952a15e2df1f8c8fe62ab57 (1 x Valak)
ssdeep 6144:2AznjdhcNdUE+jHmRa6IxNXMVt7HlVqvCKmHY6GO+4G:2Az5hcNF+jHmsHXMr3GmHzBG
Threatray 20 similar samples on MalwareBazaar
TLSH 9964BE3DB581A036D02F4239547AD97045BDBC318F7F9B4B77C84E1F1A72780A62A7A2
Reporter j_dubp
Tags:Valak

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'863
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/17376/
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2/
Threat name:
Win32.Trojan.PackEmotet
Create hunting rule
Status:
Malicious
First seen:
2020-06-30 15:59:04 UTC
AV detection:
18 of 29 (62.07%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=7azmhhvcpf244pfz7nqlmnusosx5lg3tficger4hzoba4c2sz3ra._file
Verdict:
unknown
Similar samples:
0aa6ad540cef4f7c3583accdb2d103681f2ebf066928df8760f2b5668fbd58f2
Valak
193a7b4684ef1fcbff753f7466d61b17e11a6335a3c47a09569ec72f181d652a
Valak
654e574fb479af0a9f8d277ed12f2d86681b76b4cfe63d7c9e774f5144be8801
Valak
7080a3f1e096628a4b498fba078b2bc9cb3706145e0770de5f43108daa28b0aa
Valak
72d14b5dbeb6122616375a565b069cb2ef855fc5f581eddc6851d9bda1ed0974
Valak
85efd0b4c3bb6232c4e075e99c46574b564785b0bdfa1b8bd91805922d91cef3
Valak
b9689def990ba4d8db5f260e373c7ccd442ce09b468af9d97a906cfda1863826
Valak
bff33dc4020ac8eeb354eb4a20f241f0bef6e1f15c029ba33b2350d84e8de42a
Valak
e9a315800b66a07aad3d74af0809436ee372c5476ec73dca1c588580826aff29
Valak
eeeb8aa8df15fa4ff30e3335ed92431f7ec9006705f4c15a0ee51f4cb56066ed
Valak
+ 10 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/200630-k2ar431ng6/
Behaviour
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

5cf3095f1254e4aacdbeb10d2dacbc25

Valak

DLL dll f832c39ea27975ce3cb9fb60b6369274afd59b732a04624787cb820e0b52cee2

(this sample)

  
Dropped by
MD5 5cf3095f1254e4aacdbeb10d2dacbc25
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/17376/

Comments