MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15fb940f6d833fa937acddc63016c9bb2e5c12cc5e67a3cbf56d1eab79385680. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15fb940f6d833fa937acddc63016c9bb2e5c12cc5e67a3cbf56d1eab79385680
SHA3-384 hash: 75c391fb4f53f6be345a6844795d69cf967a314e57070fb535bf99d0463ce0c3815a51ee496976cbbb56cf9ab3286d5f
SHA1 hash: 05aa44ca3c32d28f0a8b81e15754a7f1e64244e6
MD5 hash: 7dbf076ad33426dd2dab5523ae01817f
humanhash: august-steak-yellow-robert
File name:7dbf076ad33426dd2dab5523ae01817f
Download: download sample
File size:334'336 bytes
First seen:2021-11-22 23:29:37 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 6144:Psy+hoQ9cT1zEOAzP2tUO2VMb7tioRFMR17o:P4V9cT2OVx9vi
Threatray 1'198 similar samples on MalwareBazaar
TLSH T1F9644A213219CF01C1BD57FAC49B55006BF97B433466DA08BFDB32ED5942BA28E196CB
Reporter zbetcheckin
Tags:32 dll exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm obfuscated packed
Link:
https://www.filescan.io/uploads/619c27fedd04e7d00e02ea7f/reports/a88c271e-18de-4f40-935e-8ea3edab265b/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1b7e1906-7f13-4b3c-8148-5e224d1c4bca
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/894289
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 526763 Sample: CmnrAtR4ge Startdate: 23/11/2021 Architecture: WINDOWS Score: 52 13 Multi AV Scanner detection for submitted file 2->13 15 .NET source code contains method to dynamically call methods (often used by packers) 2->15 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15fb940f6d833fa937acddc63016c9bb2e5c12cc5e67a3cbf56d1eab79385680/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-21 00:28:43 UTC
File Type:
PE (.Net Dll)
Extracted files:
55
AV detection:
10 of 45 (22.22%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0dc975463ed56da75689bc1dbee1f22007743a1beaf5417951c186b967a597f8
3b20be034ea25bcf142fe6d985c38918bde59c780b3ac7bdef4f0b88048f5dd0
5e93e8c7f6ba5a59e14d6c4fc47eaf264872e25b424e59924ff3b216f62ab6af
8d46b6ae4ba66360d4bc8be70090cba933a62d31bcabcdc40f86de26eda98160
9c3265fd4f143e5d919decf7878f414461a951da3cf83e20f6fafc5c82626b8d
ad5d4e214bf6c1bdeaa55653c66aa2416e33d49f8f17104ebcf7108365ec4419
bfda36d3ebc1fb857cb54351080065ade276dc8f3a4123642c733f9b46ff89c0
f28cc0f1f1a0408490a39ab982477aa19dc7b199c599e9f9a89e62f2f423a24d
+ 1'188 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211122-3g5zracbd2/
Unpacked files
SH256 hash:
15fb940f6d833fa937acddc63016c9bb2e5c12cc5e67a3cbf56d1eab79385680
MD5 hash:
7dbf076ad33426dd2dab5523ae01817f
SHA1 hash:
05aa44ca3c32d28f0a8b81e15754a7f1e64244e6
Link:
https://www.unpac.me/results/97771047-1d6d-4f0d-a6be-22645f6d1814/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/15fb940f6d833fa937acddc63016c9bb2e5c12cc5e67a3cbf56d1eab79385680

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 15fb940f6d833fa937acddc63016c9bb2e5c12cc5e67a3cbf56d1eab79385680

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/208480/
  
URLhaus
https://urlhaus.abuse.ch/url/1807148/

Comments


Avatar
zbet commented on 2021-11-22 23:29:38 UTC

url : hxxp://160.20.147.90/x.dll