MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 1 File information Comments

SHA256 hash:	0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2
SHA3-384 hash:	9a1e6b66d35b8bf9a586369278cac80a9d6d0b30c6b4d1a90029214c92182554203a98c431700d742c82594f225db309
SHA1 hash:	93242e9dc660973b98ebe70668b34fea4a89efc6
MD5 hash:	b78a0f1e0b62d0a50c1fcc3fffb9461e
humanhash:	tango-carolina-sad-five
File name:	Tyrone.dll
Download:	download sample
File size:	402'944 bytes
First seen:	2024-08-13 23:57:07 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	6144:4u89xM+rYjX35V1cNHO18GxSCbkBWSdVFK9A7Ymz/Mol0QBUv3+LZOOeRUh8a:4pm5j18GxFkQSdVFnYmz/0QBUvcYOY2
Threatray	3'887 similar samples on MalwareBazaar
TLSH	T146847C09F666DB1FC79A8B7BC4D55C58F3B09403F14BF72B214202EA690B3E79A11297
TrID	87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32) 3.8% (.EXE) Win64 Executable (generic) (10523/12/4) 2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Reporter	ukycircle
Tags:	dll

Intelligence

File Origin

# of uploads :

# of downloads :

539

Origin country :

Vendor Threat Intelligence

Detection(s):

Win.Malware.Zusy-10009321-0

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66bbf30caa5b40be0aa02bbc

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

vbnet

Link:

https://www.filescan.io/uploads/66bbf30b32f6d05ff3cc651d/reports/e396ee59-f54e-4d44-a448-22495e0045d0/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Agent Tesla

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/a9857671-729d-40fb-9d6e-f0b0d89c309a

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1492579

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

88%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2/

Threat name:

Win32.Trojan.Jalapeno

Status:

Malicious

First seen:

2024-08-13 23:58:11 UTC

File Type:

PE (.Net Dll)

Extracted files:

AV detection:

19 of 38 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bzcf34k4jmecbn46opinsaynptsu44hjb3vugkr2qtrzfhjz33za._file

Verdict:

malicious

651d356971d645a45e69342612a4cbf9017f4505ec7cf3716636209022095f33

684728d71a1b686e85a2671e253ecbd27da9e028f3160e84408033dc9ec21dbe

ec0cb53f3f7dd573b6449bed509234445870faabe3134f554f48ac150ae99de2

+ 3'877 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/240813-3z5rpswhjl/

Behaviour

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2

MD5 hash:

b78a0f1e0b62d0a50c1fcc3fffb9461e

SHA1 hash:

93242e9dc660973b98ebe70668b34fea4a89efc6

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/b365b01f-6549-42dd-ab84-5c69afc70c09/

Parent samples :

651d356971d645a45e69342612a4cbf9017f4505ec7cf3716636209022095f33
0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0e445df15c4b0820b79e73d0d9030d7ce54e70e90eeb432a3a84e3929d39def2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample