MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 034fe01b3eb7fe22d0b00bd26acaa56810071dbf78fe78a52fd926dd82d7eb28. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 4 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 034fe01b3eb7fe22d0b00bd26acaa56810071dbf78fe78a52fd926dd82d7eb28
SHA3-384 hash: e8a6d969eca7e6196ef104e7e2a2aa9335ce59e7618c860dc2153764e1e9d367aa7b9a17697299601a8d99a5c348ae9e
SHA1 hash: ed4ab8a52fddbe0380c03670c3d97b352d58ab66
MD5 hash: 6ce925af384549bac023c318ced9f559
humanhash: twelve-steak-video-nine
File name:6ce925af384549bac023c318ced9f559
Download: download sample
File size:631'808 bytes
First seen:2021-09-07 13:19:53 UTC
Last seen:2021-09-09 04:20:12 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:NEsdUqoYAg+Ts4X+Fyge7BWNAwxTUW6vWmz4Pmu6ohyEZ:2KUqiX4Q+FZ3pKq
Threatray 6 similar samples on MalwareBazaar
TLSH T15FD412C605C0DFFFC023A3F2B1CED671B6B4269141B3513AD5E28495599CCABA4CC9EA
Reporter zbetcheckin
Tags:32 dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
101
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186037/
Detection(s):
SecuriteInfo.com.Trojan.InjectNET.31.26335.21433.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Sending a custom TCP request
Malware family:
CinaRAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b20cc3ce-3839-495f-bfa5-61d0b2dd3100
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/846625
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 479057 Sample: yl5ZH2WQsv Startdate: 07/09/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/034fe01b3eb7fe22d0b00bd26acaa56810071dbf78fe78a52fd926dd82d7eb28/
Threat name:
ByteCode-MSIL.Trojan.InjectorX
Create hunting rule
Status:
Malicious
First seen:
2021-09-07 13:20:07 UTC
AV detection:
11 of 28 (39.29%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0e451125eaebac5760c2f3f24cc8112345013597fb6d1b7b1c167001b17d3f9f
1e6131270a54d52eff9606baa7503abf3ba8b20f268f99dd2657f750532e9396
76d36d05b09395fe390b70f948d9d3750a8fc1c4c7b1ce1fb76f86a95583cd05
7d017b752826bf83685828bebc8a00b050490f46aaa8c21b0dd1020f0c9b563e
bb1b5b72a867a401876a6ad6a9bcc1f4af9f4e4fdb568ef7ce2b812796b48c7a
c9f3809e03b16e882045d60098de50368ec918f1ebf62ef620269b847cc05bcf
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210907-qk4jwafhcp/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
034fe01b3eb7fe22d0b00bd26acaa56810071dbf78fe78a52fd926dd82d7eb28
MD5 hash:
6ce925af384549bac023c318ced9f559
SHA1 hash:
ed4ab8a52fddbe0380c03670c3d97b352d58ab66
Link:
https://www.unpac.me/results/1e3438d1-509f-47e1-8649-44eb99483c70/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/034fe01b3eb7fe22d0b00bd26acaa56810071dbf78fe78a52fd926dd82d7eb28

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Embedded_PE
Create hunting rule
Rule name:Embedded_PE
Create hunting rule
Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 034fe01b3eb7fe22d0b00bd26acaa56810071dbf78fe78a52fd926dd82d7eb28

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/186037/
  
URLhaus
https://urlhaus.abuse.ch/url/1599692/

Comments


Avatar
zbet commented on 2021-09-07 13:19:54 UTC

url : hxxp://159.65.18.32/7845124587845778645465465464.jpg