MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f
SHA3-384 hash: f5da79f5cf592332a409b15243db99d1b42b7a121a259d30d7dfc13617ff55477e9a5f07b4eabc66f1498f8340377a2c
SHA1 hash: 308bef625be5f30e28d97e47f16fafbe8d00d9d1
MD5 hash: 6ca6f96b623b83fc57058d5457e0376f
humanhash: vermont-chicken-finch-cardinal
File name:168724339234e936a1fedc6121e0c7393abb37605efb0eecabd32c8efc8a76d907fc8d438b758.dat-decoded
Download: download sample
File size:3'253'248 bytes
First seen:2023-06-20 06:43:14 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 49152:Y3KIL5dXdQ93ZWWkeBj8LgHSEFJGJfxlQJ61EvYMl:Y13HG8LgyTZfErl
Threatray 21 similar samples on MalwareBazaar
TLSH T166E5AE06BA9ADE6AD3D62B3EA01741189A31DA137703BB2F1F7D11753D933B019423DA
TrID 80.3% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
4.4% (.SCR) Windows screen saver (13097/50/3)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
3.3% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter abuse_ch
Tags:base64-decoded dll


Avatar
abuse_ch
Malware dropped as base64 encoded payload

Intelligence

File Origin
# of uploads :
1
# of downloads :
241
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/400859/
Detection(s):
SecuriteInfo.com.Variant.Zusy.472162.10184.892.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/64914ab33067ea15b65683c3/reports/6324e5ad-9992-4b0c-9fa9-b06f2ceee7df/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ad5d08fe-8418-482c-9ca2-dafcae120467
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1257941
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Multi AV Scanner detection for submitted file
Sigma detected: Execute DLL with spoofed extension
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 890995 Sample: 168724339234e936a1fedc6121e... Startdate: 20/06/2023 Architecture: WINDOWS Score: 68 15 Multi AV Scanner detection for submitted file 2->15 17 Sigma detected: Execute DLL with spoofed extension 2->17 19 .NET source code contains method to dynamically call methods (often used by packers) 2->19 21 2 other signatures 2->21 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-06-16 18:19:26 UTC
File Type:
PE (.Net Dll)
Extracted files:
4
AV detection:
7 of 36 (19.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=egcagpl6yvv2plhd3s2i2ehepb2kmogyu7ab4dwtehdz2lu6k5xq._file
Verdict:
malicious
Similar samples:
32fcd31207c5e310957801fca81578c9dcba9ed3515809f62a7d50d93ad033db
3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9
46b7366f88fd44a82cd00e4979f676b464c9f7c0169450ff3dcc014d9650b517
6234c83cf8e46f8e09fed9cbf0456be735dc8640c2df0ee4734b7fa730e0b8eb
9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b
cdb463c9aeff4b1d0090647e3baa27f32360301b0be912489f2b32e1f469650e
d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15
e75e7b4f4db640c54deb092dd373afa2b692a2078461cd0193e2b54b84c8250c
f3adace9b9f1d61d8752f65c0418a49595e347c417a17b14655d838993b74229
f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230620-hhgnbsae68/
Unpacked files
SH256 hash:
2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f
MD5 hash:
6ca6f96b623b83fc57058d5457e0376f
SHA1 hash:
308bef625be5f30e28d97e47f16fafbe8d00d9d1
Link:
https://www.unpac.me/results/d48ff833-a675-4fa4-bb50-b3acb2d893ee/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

34e936a1fedc6121e0c7393abb37605efb0eecabd32c8efc8a76d907fc8d438b

DLL dll 2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f

(this sample)

  
Dropped by
SHA256 34e936a1fedc6121e0c7393abb37605efb0eecabd32c8efc8a76d907fc8d438b
  
Dropped by
MD5 ad6f976539bd7eab684dd28b83e75748
  
URLhaus
https://urlhaus.abuse.ch/url/2666889/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/400859/

Comments