MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9
SHA3-384 hash: 4b0c8d9745906565f1fc6fea82fd54aab1cc61097d5609ac03913506b3c88a9ef8ce596830ab1469b4385b123f3076db
SHA1 hash: c4dd41a33c0d2c6cce5c38bf3013a61eb1ac1abf
MD5 hash: 7a9cfe939742cc345a8c6d8f6201fa61
humanhash: massachusetts-johnny-may-seven
File name:Montero.dll
Download: download sample
File size:759'808 bytes
First seen:2025-03-15 16:23:17 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:dEruaBGbIRtrSLSRyi74giZZpxQ3VQK2YMES1oNaATqicpl//RNJ90E:dk6cn4gW1QlaczBqF//9mE
Threatray 4'515 similar samples on MalwareBazaar
TLSH T1E2F4D019F76ADF1FDB198973C4D14818A3B0971AE20FF71B214612E99B073E7CA012A7
TrID 87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
3.8% (.EXE) Win64 Executable (generic) (10522/11/4)
2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter BastianHein
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
383
Origin country :
CL CL
Vendor Threat Intelligence
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d5b6d03962f1a6f471aec7
Tags:
virus zusy
Result
Verdict:
Malware
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated obfuscated packed packed packer_detected reconnaissance vbnet
Link:
https://www.filescan.io/uploads/67d5a9b901edd28374b0c69c/reports/8a97ce8f-a780-4522-b8ea-c1c4fc371047/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/504f9d6e-dd6b-4416-a0ca-8d43c5d8aa82
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1639471
Signature
.NET source code contains potential unpacker
Antivirus / Scanner detection for submitted sample
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1639471 Sample: Montero.dll Startdate: 15/03/2025 Architecture: WINDOWS Score: 64 15 Antivirus / Scanner detection for submitted sample 2->15 17 Multi AV Scanner detection for submitted file 2->17 19 .NET source code contains potential unpacker 2->19 21 Joe Sandbox ML detected suspicious sample 2->21 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Score:
94%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9/
Threat name:
Win32.Infostealer.Tinba
Create hunting rule
Status:
Malicious
First seen:
2025-03-15 16:24:10 UTC
File Type:
PE (.Net Dll)
Extracted files:
7
AV detection:
14 of 36 (38.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cnskkw7mjryn74zhkr66ov3ciqepldduzcj7klbnjcf4tr3pstmq._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
Similar samples:
1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9
2e0e7afdab8ca0ee49b2e3df7d9c8c3ff3f38d615fa114bd9dd06b8705842d5b
5c26905b4f4630bd686c44b0622e4937d7f41ab7c33a6d2a9182c23d70d8e104
acdcfb74712f171a6527ea14112eeb4bd482b7ae74f4e2990a946c8ccea8ad65
e6d6e42a6b67e3fdad165a4a0b5659773c3212c3aac6d323c30bea339da8f686
error
+ 4'505 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250315-twdpdaxxhw/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9
MD5 hash:
7a9cfe939742cc345a8c6d8f6201fa61
SHA1 hash:
c4dd41a33c0d2c6cce5c38bf3013a61eb1ac1abf
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/1abaac7e-7133-4772-a8a5-cb941d0950d4/
Parent samples :
a35234d3e33acbb7e53abaec38ced3a45f6df0ad5ee17ba52b49478d0418f1da
1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1364a55bec4c70dff327547de757624408f58c74c893f52c2d488bc9c76f94d9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_PowerShell_Obfuscation
Create hunting rule
Author:daniyyell
Description:Detects obfuscated PowerShell commands commonly used in malicious scripts.
Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments