MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f
SHA3-384 hash: 7a975d510d294383eee24a979a2c441bf3b6169e16a5f3fb0048dca4f9dc4ef3f14f08f8f23d7ea77963a50b0bc94bb9
SHA1 hash: b91a782553de810ce26bec6aaa7780ab0a729ff1
MD5 hash: f395a01d904fc03098a26bea1e84111f
humanhash: nuts-east-hotel-zulu
File name:168726655815eef30c6670d40d3dc1f56247396b33fe35af8aa4c9dde8b89cd08d9b40f594470.dat-decoded
Download: download sample
File size:3'247'104 bytes
First seen:2023-06-20 13:09:21 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 49152:O/lXB+9MnW6mg//Q13/XYjC742n/76JHPETVjLi6rd:ClRsXPYjC74S7aHPETNWQd
Threatray 18 similar samples on MalwareBazaar
TLSH T18AE5AD5AB696DE67E3D8BB3AA05351288731C2223326BB1F1F7D11753D933B409423DA
TrID 80.3% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
4.4% (.SCR) Windows screen saver (13097/50/3)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
3.3% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter abuse_ch
Tags:base64-decoded dll


Avatar
abuse_ch
Malware dropped as base64 encoded payload

Intelligence

File Origin
# of uploads :
1
# of downloads :
283
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/401007/
Detection(s):
SecuriteInfo.com.Variant.Zusy.472162.25200.20406.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/6491a52b99f0c0cb0932f35e/reports/04997585-aaa9-48fe-bfce-a0b72af21887/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/31ebcca1-4686-4296-a97a-53fd8f3bd177
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1258227
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Sigma detected: Execute DLL with spoofed extension
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-06-20 13:10:06 UTC
File Type:
PE (.Net Dll)
Extracted files:
4
AV detection:
4 of 37 (10.81%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hzy6htjfv7byrmtkd4wcjm64taieo36qcx77zio2lbfu7gcdruxq._file
Verdict:
malicious
Similar samples:
2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f
3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9
46b7366f88fd44a82cd00e4979f676b464c9f7c0169450ff3dcc014d9650b517
6234c83cf8e46f8e09fed9cbf0456be735dc8640c2df0ee4734b7fa730e0b8eb
7474c59e2ced7b554bc03a190b33690f640a8f415b38fe21e2caa0a7a33215c9
8cfab1a4c573103b5b39aed0c2cb8fbcd76d246d7bc106fd0ad1fa6adeff91b9
91bedde298120f2112051018910a77a8672687917722e9a4aba692ec312bf4b2
9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b
cdb463c9aeff4b1d0090647e3baa27f32360301b0be912489f2b32e1f469650e
e75e7b4f4db640c54deb092dd373afa2b692a2078461cd0193e2b54b84c8250c
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230620-qech7sdc6s/
Unpacked files
SH256 hash:
3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f
MD5 hash:
f395a01d904fc03098a26bea1e84111f
SHA1 hash:
b91a782553de810ce26bec6aaa7780ab0a729ff1
Link:
https://www.unpac.me/results/5ca595d0-080c-4f2b-a575-166416ff0f57/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

15eef30c6670d40d3dc1f56247396b33fe35af8aa4c9dde8b89cd08d9b40f594

DLL dll 3e71e3cd25afc388b26a1f2c24b3dc9810476fd015fffca1da584b4f98438d2f

(this sample)

  
Dropped by
SHA256 15eef30c6670d40d3dc1f56247396b33fe35af8aa4c9dde8b89cd08d9b40f594
  
Dropped by
MD5 3694a0b798a58034743604673f68eb8e
Cape
Cape
https://www.capesandbox.com/analysis/401007/
  
URLhaus
https://urlhaus.abuse.ch/url/2666485/
  
Delivery method
Distributed via web download

Comments