MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 4 File information Comments

SHA256 hash:	34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6
SHA3-384 hash:	2ceccb2bdf0ea7225566c30dd3a38dea4f6b668c25521a64a7628a50f50de88b90d79ca2947c2b8bc79a88e0fad2f1c2
SHA1 hash:	d40768adfe5bfdf6f9b7d4c7feb0c1e15424fa59
MD5 hash:	3b5798efbcfdf62dada8525d4704d7be
humanhash:	winner-georgia-bravo-delaware
File name:	1730036586ac45c02678cfb051f46a3829e59a655739bcebbb1e2d27474e330fbc4c2b3a3d596.dat-decoded
Download:	download sample
File size:	61'952 bytes
First seen:	2024-10-27 13:43:08 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	1536:5ZFRtf7xWHc4z9wAMFPHIfZAcMdv8Fy19:xz0HcIpE6u
TLSH	T105533B0CBF99CE1FEF2C4ABA9871030483F6D1546153F37BADC4B4EA2897BA45251653
TrID	35.4% (.EXE) Win64 Executable (generic) (10522/11/4) 22.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 15.1% (.EXE) Win32 Executable (generic) (4504/4/1) 6.9% (.ICL) Windows Icons Library (generic) (2059/9) 6.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	abuse_ch
Tags:	base64-decoded dll

abuse_ch

Malware dropped as base64 encoded payload

Intelligence

File Origin

# of uploads :

# of downloads :

347

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.DropperX-gen.29227.3249.UNOFFICIAL

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=671e45905928ee28d55e6b4c

Tags:

Micro Zusy

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

vbnet

Link:

https://www.filescan.io/uploads/671e43a6d71e009bb1f80231/reports/1d0ae7e9-cf2f-4687-b2a0-09e5518a99fe/overview

Verdict:

Malicious

Labled as:

Zusy.Generic

Link:

https://www.hybrid-analysis.com/sample/34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

RedLine Stealer

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/7e9a89f4-a4e0-43cc-876e-141f4d6a1d00

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1543277

Signature

AI detected suspicious sample

Multi AV Scanner detection for submitted file

Sigma detected: Execute DLL with spoofed extension

Behaviour

Behavior Graph:

Download SVG

Score:

71%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6/

Threat name:

Win32.Infostealer.Tinba

Status:

Malicious

First seen:

2024-10-27 13:44:06 UTC

File Type:

PE (.Net Dll)

Extracted files:

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gq3axvych6pyuewvf5yhr2xyuezcqwe3av4xrry5oox5rp5j3dta._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/241027-q1s33swlcs/

Unpacked files

SH256 hash:

34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6

MD5 hash:

3b5798efbcfdf62dada8525d4704d7be

SHA1 hash:

d40768adfe5bfdf6f9b7d4c7feb0c1e15424fa59

Link:

https://www.unpac.me/results/a3b38648-cdf5-4d83-afae-ed2efd85ee0e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

Rule name:	INDICATOR_EXE_Packed_Babel Create hunting rule
Author:	ditekSHen
Description:	Detects executables packed with Babel

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETDLLMicrosoft Create hunting rule
Author:	malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ac45c02678cfb051f46a3829e59a655739bcebbb1e2d27474e330fbc4c2b3a3d

DLL dll 34360bd7023f9f8a12d52f7078eaf8a13228589b057978c71d73afd8bfa9d8e6

(this sample)

Dropped by

SHA256 ac45c02678cfb051f46a3829e59a655739bcebbb1e2d27474e330fbc4c2b3a3d

Dropped by

MD5 746a0b19fe572c439356ab80d48c208a

URLhaus

https://urlhaus.abuse.ch/url/3257751/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample