MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Ousaban


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6
SHA3-384 hash: 6199788bb9e547ee365f4fae3ee66c19c6ff809a14453def8151d9fcf3c4e979c1b4cf30d4cdd4742bcc5ff8bd525206
SHA1 hash: 62dcff5d087d7d4a4d1aae80a6db90bc3af01e58
MD5 hash: 826e9eb095fd5c1474bd43f5c2999c69
humanhash: washington-mountain-finch-monkey
File name:VUJJJFwwwLFLF-june.zip
Download: download sample
Signature Ousaban
Create hunting rule
File size:6'887'603 bytes
First seen:2022-06-01 05:36:00 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 196608:iBEFF/wQZm7wPx9qVY4Yi6Ttodu6fV7NfnLZHdpV9AA9n:tKwpoY4UGu6fV7NP9Hzf3Z
TLSH T13966334ED9479EC5CC80A4324DBB0F919BBCC1AF5894A7134368E43BECDB754B6A488D
TrID 80.0% (.ZIP) ZIP compressed archive (4000/1)
20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter dodosec
Tags:banker brazil Javali ousaban zip


Avatar
dodo_sec
Standard ousaban/javali: binary padded DLL (dbghelp.dll) injected into legitimate binary. Decrypts list of spanish and portuguese banks in memory. C2 is hxxps://ec2-75-101-215-119.]compute-1.]amazonaws.]com/. Attribution done by infection techniques, method of string decryption, presence of JAVALI2021 in memory and syntax of C2 communications (?rdgate)

Intelligence

File Origin
# of uploads :
1
# of downloads :
226
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6/
Threat name:
Win32.Trojan.Tedy
Create hunting rule
Status:
Malicious
First seen:
2022-06-01 05:38:15 UTC
File Type:
Binary (Archive)
Extracted files:
4882
AV detection:
8 of 41 (19.51%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jrtyh2etbqldr7odiou453ydmksuitaa7lfs75tjfgrqzgh25l3a._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
persistence
Link:
https://tria.ge/reports/220601-gaj8taabgn/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

AZORult

Microsoft Software Installer (MSI) msi 8cadd98cf4cf0379cbe0131b22aeddb68502eeb292a7a0e21718327abee8509c

AZORult

DLL dll 9c49e748181e5bc2d87ffee3cd333532d8d94b69501c13541af8e1d4ce104695

Ousaban

zip 4c6783e8930c1638fdc343a9ceef0362a5444c00facb2ff66929a30c98faeaf6

(this sample)

  
X
https://twitter.com/JAMESWT_MHT/status/1531566144594841601
  
Dropped by
SHA256 9c49e748181e5bc2d87ffee3cd333532d8d94b69501c13541af8e1d4ce104695
  
Dropped by
MD5 4a8edf2393a248a73791d68351f86d21

Comments