MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 375ec4130170dde1532ea4579d81c77b6646cc1957cdfc5e38ca4a091ec196c6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 375ec4130170dde1532ea4579d81c77b6646cc1957cdfc5e38ca4a091ec196c6
SHA3-384 hash: c57942e147f335d5eded2ab5318f32f1ae17c016601a776b44b1de366b59bf60eca783740d1703d347bbf02efe8d5eda
SHA1 hash: d9cb0aac75e1577b71bce3e24306a3bfacd39d08
MD5 hash: af24b8ca5451207cd1e8200b2138782c
humanhash: whiskey-cup-sodium-emma
File name:af24b8ca5451207cd1e8200b2138782c.dll
Download: download sample
File size:335'572 bytes
First seen:2022-04-26 04:41:37 UTC
Last seen:2022-04-26 05:32:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
ssdeep 3072:rKrbi9VwBh42cEzhMltVpIP0T7ORLzlj5CyAQpqYTY8qr9QLYFX3:+W9iBXrhMl3pIP/N5pBMGLYFn
Threatray 30 similar samples on MalwareBazaar
TLSH T1EC64D66F9432065BEED64C74DC88A3B6CA976E3C4E37DAF75C64D0707828161BA27243
TrID 33.6% (.EXE) OS/2 Executable (generic) (2029/13)
33.1% (.EXE) Generic Win/DOS Executable (2002/3)
33.1% (.EXE) DOS Executable Generic (2000/1)
Reporter abuse_ch
Tags:dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
237
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/266624/
Detection(s):
SecuriteInfo.com.Variant.Ulise.343894.21323.25969.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/6267785779c6c1e67d2f9b9e/reports/e899cac9-a219-4a79-92e9-53e87a2e865f/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f32cee41-293d-42bb-8ecd-840b126db2bc
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/982913
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 615404 Sample: vEs2hGiPxp.dll Startdate: 26/04/2022 Architecture: WINDOWS Score: 52 13 Multi AV Scanner detection for submitted file 2->13 15 Sigma detected: Suspicious Call by Ordinal 2->15 7 loaddll64.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/375ec4130170dde1532ea4579d81c77b6646cc1957cdfc5e38ca4a091ec196c6/
Threat name:
Win64.Trojan.Ulise
Create hunting rule
Status:
Malicious
First seen:
2022-04-26 04:42:07 UTC
File Type:
PE+ (Dll)
AV detection:
8 of 42 (19.05%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0b149fc1f48da1d2c02d778be120427483403cd7519fc7f69e741288b120cb9d
45b7ef5a55cbcddb1f21415450ee982ebdafac1cf3a57e62acb8d014bc797dfc
65234c8a08c9a5e2e81af11e4be56eaee3ec00c9063069ab9d97770d6f31ba6b
af7526d30d40da60e83b0423f338f0740886321eadaae86ce16c10af44e44c3e
c0c4cf3a74e70f837e73f44ed95789946b02de457b6155ddc4e14a9441f92048
c391aff5321bbb74cd72d876062bd41f120cfeabb20d07b383ffdd76fadc4904
d3fd3711c2dcff75bf015624ac6ac8f258fbd0229cf7cd4cb5f4eaba6ec32033
d5a4fcb0e552cad22b1a907e874295b08e83d58bd83f9b4788c90aaad263cd87
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220426-fbnrysbac6/
Unpacked files
SH256 hash:
375ec4130170dde1532ea4579d81c77b6646cc1957cdfc5e38ca4a091ec196c6
MD5 hash:
af24b8ca5451207cd1e8200b2138782c
SHA1 hash:
d9cb0aac75e1577b71bce3e24306a3bfacd39d08
Link:
https://www.unpac.me/results/20b6d02d-c09e-4e63-a632-8d94eaaec43d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/375ec4130170dde1532ea4579d81c77b6646cc1957cdfc5e38ca4a091ec196c6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pdb2
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 375ec4130170dde1532ea4579d81c77b6646cc1957cdfc5e38ca4a091ec196c6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1799907/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/266624/

Comments