MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Banload


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b
SHA3-384 hash: 64939779a57b3ff06e0cb870b4308fc383e09cd131d3f1fd306098e2c9b726c4744b062a4d9e5fcbfe55d0f2f2a065fc
SHA1 hash: 85985a416e0c877afcfae3c0ada9140608d0431a
MD5 hash: 9eea96d15fe2b78c9c90dc9b4fe205d4
humanhash: undress-sodium-cat-harry
File name:AICustAct.dll
Download: download sample
Signature Banload
Create hunting rule
File size:386'584 bytes
First seen:2021-10-25 08:35:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash f18ed9efc687a969256c2b2d7a7fe381 (1 x Banload)
ssdeep 6144:oL/NjgDrGNYcROfLIEXqXOkPsMffB2eVexz7MQBwquuCbZ+BvzpYcDNTBodAOE6h:W/1gDrGN7ROfLysMffB2eVexRuuCbZWk
Threatray 31 similar samples on MalwareBazaar
TLSH T19B846B60759AC536C87E0470753DCAAB11293BB11B7A88EBA7CC5E2F09749C21371F6B
Reporter AndreGironda
Tags:Banload dll


Avatar
AndreGironda
MITRE T1566.001
Date: Mon, 25 Oct 2021 00:00-00:30 +0000 (UTC)
Received: from f79.user-online01.com (52.243.78.50)
content-type: text/html
Subject: ✅ <removed>, Pix Recebido com Sucesso- - ID:914767914767
From: BCO-CENTRAL <gerencia-central86236@f79.user-online01.com>
Message-Id: <20211025002820.F02423FB76@f79.user-online01.com>
Return-Path: root@f79.user-online01.com
Malicious URL: hXXps://res.cloudinary[.]com/dpxbbemsn/raw/upload/v1634858510/chegouseupix_d2av9g.html
Microsoft Installer Name: FORM_PIX XJTVCZG.msi
MSI SHA256: 951c2f341e914601140aa9ead05895f6957d5cbfda80b81be99015d2be02d44f
Unpacked DLL 1 SHA256: 23179a9183cb0c0d3e10bfbf6edd5b1d92244ea1ae3120bb008ac09cea59b217
Unpacked DLL 2 SHA256: 5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b
Unpacked Executable SHA256: 35a42f9ea63f72cda8a6c7af60a3fac081154128cba2bf7a7392d85383b6d18a
Stage 1 URL: hXXp://ec2-18-231-149-132.sa-east-1.compute.amazonaws[.]com/mod2.zip
Stage 2 URL: hXXps://759c87514850247c.s3.us-east-2.amazonaws[.]com/0321F9132EC97FDC5EE532FF.zip
Stage 3 URL: hXXps://unterteks.eastus2.cloudapp.azure[.]com/gbuster/barman.php
Stage 4 URL: hXXps://pspentregasonline[.]com/cor/amarelo.txt
Stage 1 Zipfile Name: mod2.zip
Stage 1 Zipfile SHA256: e44b18cfc6e3ae2e161f1c5bf59716754f734a48b8cda07e42f32bc55bc07a4f
Unzipped DLL Name: rqvufRfLLN.dll
Culebra Variant DLL SHA256: 2f8b16754738ee4c6bbc63da55e8162f75906b62991081b81e8ca24552123025
Unpacked Culebra Variant DLL SHA256: e6bf7bc4b7f5235a307f5253ef3595d8aa50fefcfdb141d0e75c108676a584cd
C2: 20.206.126.228:55516

Intelligence

File Origin
# of uploads :
1
# of downloads :
846
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/199849/
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware overlay
Link:
https://www.filescan.io/uploads/6176a37e9a5a1e91c5d20dc2/reports/cc43346d-3f48-4558-80b8-501b30e3608d/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1d00d65e-467c-4078-b3e3-0dd0e09ed946
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
4 / 100
Link:
https://www.joesandbox.com/analysis/876103
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b/
Verdict:
unknown
Similar samples:
13241421d86807055664ccd771acbcffd378d52fbeb1a35b3106e4c2c5cc443a
Banload
27037adba1bbede3fb44bcc190a33134b020a8ebb48f39a16790c0c358ca94e5
Banload
276fe35ed289cc299cca3a511c089d5d9994bb21c26818946b9ae2a0e7f6f584
Banload
3529493db869e38f4cc8d85f0b5e3964abb6b9aa9e053b6884b47ff610551239
Banload
368a995009f0a3324ed392ed8411bd64c41d091fb22ef20170f9c9fd50ee8c8a
Banload
766813a2d32e70dd895aa89f769d1db2e6acbb4107b3712775902da1ca6eff53
Banload
8cb6d0ac34d090ebf86cc3b0fb51dc57b89b2429627dd15170b29ee29d02ad08
Banload
8ee5beec825590d2f25175e51b4a6bed6b3e678901c32d4e14c177df62bdf737
Banload
c5d5bd4d5b66de5559e4ebb98251b74b49baa08a50cfc8f69b2c9005fcc861a4
Banload
ca8eb4d83e1827e0fd86c260a60b1a9bb24876e15e1e0c55755d32314f308f4a
Banload
+ 21 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211025-khk2vsgggp/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b
MD5 hash:
9eea96d15fe2b78c9c90dc9b4fe205d4
SHA1 hash:
85985a416e0c877afcfae3c0ada9140608d0431a
Link:
https://www.unpac.me/results/8b0e972f-7874-4abb-9da5-871f629de196/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Metamorfo

Microsoft Software Installer (MSI) msi 951c2f341e914601140aa9ead05895f6957d5cbfda80b81be99015d2be02d44f

Banload

DLL dll 5b6cdda58dabeb641d45086144e3b2e92ae1ba2c7a10cfdb4c6db09ca971d45b

(this sample)

  
Link
https://tria.ge/211025-c7zybafeb5
  
Link
https://app.any.run/tasks/492835fc-937e-4b02-8c30-f26d6ddb0740
  
Dropped by
SHA256 951c2f341e914601140aa9ead05895f6957d5cbfda80b81be99015d2be02d44f
  
Delivery method
Distributed via e-mail link
Cape
Cape
https://www.capesandbox.com/analysis/199849/

Comments