MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 1 File information Comments

SHA256 hash:	6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4
SHA3-384 hash:	40e825ac1a5a2bcb91a1be3c5a72067ec05d6286cd16ca299abe341b5065d15b6b1daf87e495211958d4af9ac988d098
SHA1 hash:	bc054d674b2a17139a6331e35149bc69593e7baf
MD5 hash:	39741a17d7a183966387a13b1e3a1994
humanhash:	louisiana-king-pasta-oscar
File name:	Tyrone.dll
Download:	download sample
File size:	542'720 bytes
First seen:	2024-08-16 08:47:48 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep	12288:TXklV8KId8EC/+C9QVYkVCu2cLas88VhsEo5:Tf9vCOVXscLg8VXo
Threatray	3'293 similar samples on MalwareBazaar
TLSH	T13FB4AF14FAEADB1FCD9A86F7C8E95C7093A49052E14BF71B214202E95D073EB8E112D7
TrID	87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32) 3.8% (.EXE) Win64 Executable (generic) (10523/12/4) 2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 1.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Reporter	ukycircle
Tags:	dll

Intelligence

File Origin

# of uploads :

# of downloads :

352

Origin country :

Vendor Threat Intelligence

Detection(s):

Win.Malware.Zusy-10009321-0

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66bf1246b35234d5cc65ebc6

Tags:

n/a

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

packed vbnet

Link:

https://www.filescan.io/uploads/66bf1249b6cfdb0a9ea00d25/reports/8e9a4417-9108-4bab-b0b5-d8d4e7f3a6f9/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/375aaffd-9aa7-468b-adb8-e20e300f5f18

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1493766

Signature

.NET source code contains potential unpacker

AI detected suspicious sample

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4/

Threat name:

Win32.Trojan.Jalapeno

Status:

Malicious

First seen:

2024-08-16 08:48:07 UTC

File Type:

PE (.Net Dll)

Extracted files:

AV detection:

23 of 38 (60.53%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nibmpffulq6jfwoudmy6dtaxn6u3hcywbi2ythe3h5tec2twsosa._file

Verdict:

malicious

6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4

742d5abe0d2712d207d02d22982ec5d84e3ac77e07e70c6e6c6720a147a16d89

ca0e44de77ca87bdd8f7e6d9e1b778d45bbfd729a2d343c7c48cadfced235b3a

ddcc681b810274f9326f2e5b5716e44d36d69ace7deb147db9a9d5504e5018f1

+ 3'283 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/240816-kqe6ksvhpb/

Behaviour

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4

MD5 hash:

39741a17d7a183966387a13b1e3a1994

SHA1 hash:

bc054d674b2a17139a6331e35149bc69593e7baf

Detections:

SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24

SUSP_OBF_NET_Reactor_Indicators_Jan24

Link:

https://www.unpac.me/results/21891108-f843-4eab-8e00-862307deba71/

Parent samples :

ee331b107bd18dfd8db52add917a98c284ef9d199d74bbc45e1fac0c3dbc477f
6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6a02c794b45c3c92d9d41b31e1cc176fa9b38b160a35899c9b3f66416a7693a4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample