MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 4 File information Comments

SHA256 hash:	007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9
SHA3-384 hash:	c8155223fa8e30153e2cc516b8823263c7cbf49efb25e9e9b11a5c31fc38ef1243db17776288ac6bb9f9c32d55ca9c07
SHA1 hash:	89211fe603f97e68d57326b49e6b5995bb934af6
MD5 hash:	86b4e334101a25714346b0f4b800e521
humanhash:	papa-six-thirteen-delta
File name:	169287048497cc20798768a526acda10cc065eb8bedff6ebc3fcebfab561c6cb6a505d3209896.dat-decoded
Download:	download sample
File size:	45'056 bytes
First seen:	2023-08-24 09:48:05 UTC
Last seen:	2023-09-05 17:59:53 UTC
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	768:CyJCG+Q3S4ikYyY432WJylVzy3vLt73ZKWhz0Nn2fVCG:kN0UlmvLt73ZV1V
Threatray	31 similar samples on MalwareBazaar
TLSH	T112136D13F787D672C5D90BB7C597928003B0DB806663EB5F758E230AAF533AB0B52649
TrID	87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32) 3.8% (.EXE) Win64 Executable (generic) (10523/12/4) 2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	abuse_ch
Tags:	base64-decoded dll

abuse_ch

Malware dropped as base64 encoded payload

Intelligence

File Origin

# of uploads :

# of downloads :

260

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/444461/

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.7792.8659.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Gathering data

Verdict:

Malicious

Labled as:

MSILHeracles.Generic

Link:

https://www.hybrid-analysis.com/sample/007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/6aa35bc6-65f6-4a6e-aa1e-1433dbbcbe4a

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1296552

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Sigma detected: Execute DLL with spoofed extension

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2023-08-23 07:46:37 UTC

File Type:

PE (.Net Dll)

Extracted files:

AV detection:

19 of 36 (52.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ab5z5gbhtzuqmwht5yg2aiz7hriwnfbfyucmqupylgtazaqydk4q._file

Verdict:

malicious

30677a0487ca9917350dfd860dc7ff317e37e0b8d937bb4d4ec20d8afc276eb3

4dcdc8ee41ee8849180bc698ad3ab4e7a32c23442fc9dc70fe0adf283f219fd1

621d810b1170a19891830225b7c29d147714a36597e43e92ba3c9076d1244bd7

723a40b5d10baf215da246cb02dbb7b5eee5e2a53efe6eef08414094f3e12563

73c59acf10fc928b703d88860a219e13493dce599914ec48e59a2ceeec3bee05

9442fbb4a8b6fff536bf913966cf56849bd7808397a8426ce01fbe1c0577a2ef

cfc48dfa8aa74b169189104a5f606cb6738fac9828808dfb1e64cbbd3564f10d

+ 21 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230824-ltcejadb3v/

Unpacked files

SH256 hash:

007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9

MD5 hash:

86b4e334101a25714346b0f4b800e521

SHA1 hash:

89211fe603f97e68d57326b49e6b5995bb934af6

Link:

https://www.unpac.me/results/86548033-04cb-4248-91fd-f6a99ccb6414/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.96

Link:

https://yomi.yoroi.company/submissions/007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETDLLMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

97cc20798768a526acda10cc065eb8bedff6ebc3fcebfab561c6cb6a505d3209

DLL dll 007b9e98279e690658f3ee0da0233f3c51669425c504c851f859a60c82181ab9

(this sample)

Dropped by

SHA256 97cc20798768a526acda10cc065eb8bedff6ebc3fcebfab561c6cb6a505d3209

Dropped by

MD5 6ce62f14b21e8b686740ac1166a9c6f6

URLhaus

https://urlhaus.abuse.ch/url/2706704/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/444461/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample