MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5
SHA3-384 hash: 8fb880f92dfb9b150cf423c3d245f23a85f0e40430ecdccacee112dfa748bda67cc70d24d29afb3c783cd2feb3cef721
SHA1 hash: df6599756cc41b0ed6f34a953eebfbd07e4544ae
MD5 hash: b3d36ee8b7db47d9b11a5e6712c1dfa1
humanhash: gee-lithium-mexico-beer
File name:1.dll
Download: download sample
File size:1'682'944 bytes
First seen:2025-09-19 06:31:06 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 4c96ea8dc82ecad377b85f1f54396b90
ssdeep 24576:YBzuJt1698Q8bGE48QE6ZwzPlS8uewgBO3Qhnxlp7:suT1698Q8Sf1gMWnxD
TLSH T1E375A004D2404790E536C3FE6ADCAE96FC17F43AF1FAA8EE1EB110EB7541190E19AD91
TrID 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter abuse_ch
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
SE SE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28257/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68ccf912246a2631bd30f629
Tags:
malware
Result
Verdict:
Malware
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug fingerprint microsoft_visual_cc obfuscated overlay packed packed packer_detected threat
Link:
https://www.filescan.io/uploads/68ccf9a7e39a6830ee40a08f/reports/6ee14619-82b9-4fb1-84b8-ce8c5fa9f12e/overview
Verdict:
Malicious
Labled as:
Mikey.Generic
Link:
https://www.hybrid-analysis.com/sample/1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5
Verdict:
Malicious
File Type:
dll x32
First seen:
2025-09-18T17:01:00Z UTC
Last seen:
2025-09-18T17:01:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5/results?tab=lookup
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/1711ec9c-536d-4f99-990d-c8e348352910
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
7 / 100
Link:
https://www.joesandbox.com/analysis/1780502
Behaviour
Behavior Graph:
n/a
Score:
99%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/b3d36ee8b7db47d9b11a5e6712c1dfa1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5/
Threat name:
Win32.Dropper.FarfliDropper
Create hunting rule
Status:
Malicious
First seen:
2025-09-19 06:35:54 UTC
File Type:
PE (Dll)
AV detection:
16 of 24 (66.67%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dzu734654kxlubpvcdicpknhmlf6lumiybirm6dw6jrbvvqpyp2q._file
Verdict:
malicious
Label(s):
fatalrat
Create hunting rule
Similar samples:
error
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250919-hb9qjaej41/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5
MD5 hash:
b3d36ee8b7db47d9b11a5e6712c1dfa1
SHA1 hash:
df6599756cc41b0ed6f34a953eebfbd07e4544ae
Link:
https://www.unpac.me/results/9db5ea5e-2dd1-4f01-b435-ef2efc04b3ba/
Malware family:
Mimikatz
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1e69fdf3dde2/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 1e69fdf3dde2aeba05f510d027a9a762cbe5d188c051167876f2621ad60fc3f5

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3558504/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/28257/

Comments