MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81beb54b10b6cfac0149478fc793905da3c6ccbbce47d9764b1c26e893b1a380. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 81beb54b10b6cfac0149478fc793905da3c6ccbbce47d9764b1c26e893b1a380
SHA3-384 hash: 6b8e1911b1a4458c739d16c99db92914bf5a71b3c017267cb1475e9d342b5fec05990856945b0b3f1ea639e3b8c5c0b5
SHA1 hash: a5a5722740ac9570a889f4ef546830e8a39dc692
MD5 hash: 175fca5ab1ce0877c4b95dc2efae8f3a
humanhash: alpha-bluebird-don-neptune
File name:175fca5ab1ce0877c4b95dc2efae8f3a.dll
Download: download sample
File size:32'256 bytes
First seen:2021-10-11 18:43:06 UTC
Last seen:2021-10-11 20:17:32 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 384:fqJ9vmGRfHUcSIdxbBBAV0PfrRqLAqrFcwa9NXjLPawWPls304u6ybH:CJ9vmQv6oxbzAybRqLBcBzPWPla04Wj
Threatray 144 similar samples on MalwareBazaar
TLSH T1F7E24B2B12DE7EEAC0B92A71777353C1C32CDE015513EA2E59D0B12AD97E20379423E9
File icon (PE):PE icon
dhash icon 414545c0d4c05503 (37 x njrat, 3 x AsyncRAT, 1 x RedLineStealer)
Reporter abuse_ch
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
234
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/196720/
Detection(s):
SecuriteInfo.com.Variant.Bulz.772094.17139.28426.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
67%
Tags:
anti-vm obfuscated packed
Link:
https://www.filescan.io/uploads/616485f59fb4d8593d61c19c/reports/2584e130-586b-4d24-8809-e7e03880ba49/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/84e07275-f205-48ad-918c-4399ab4760dd
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/867808
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 500237 Sample: HNcyr87eHo.dll Startdate: 11/10/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/81beb54b10b6cfac0149478fc793905da3c6ccbbce47d9764b1c26e893b1a380/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-10-11 15:23:34 UTC
AV detection:
13 of 27 (48.15%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
013e28fb236b074fae60d3252c602924a886ad4c311310dbb19f85ba1c5e2425
04e1a14639f9fd0903f21edd99b1cadc9267b0ac2f402863d6eb3acc4d48acf7
41bc7a7c5c2a56f824426ce34edb7e36a185bbfadb27c75a488df741aea2971f
454d76ef9b357985c651a1c636cd7a07c680c4e42e2856e54659fb38d5e2532c
5adb192079fbc16f4631d3e5c894d9bec1ed384e7be85742c4f076760eb64a0f
75830575168e1d024a8d0c86764cb9b88eea3c79f0c4a24fb39d4e94fd2c42d7
a7f68c540c7f610ce1127b997f3097815b0dbbdb6dd9a7d4637f4059a7af26f4
d74e83ed5ab21b5c7d0a980d53c434fc7586f0f99d566b479496d2c723f79ee8
e924821860bcee2dd1acc0239f6413cd6a677213b640942d271ea12446fc65aa
fcaf7a2e9cc327d8186c5d450c4780d466d8d809d2969d1363239e6632a90534
+ 134 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211011-xdh3xshhd4/
Unpacked files
SH256 hash:
81beb54b10b6cfac0149478fc793905da3c6ccbbce47d9764b1c26e893b1a380
MD5 hash:
175fca5ab1ce0877c4b95dc2efae8f3a
SHA1 hash:
a5a5722740ac9570a889f4ef546830e8a39dc692
Link:
https://www.unpac.me/results/0e483225-ffa7-47da-9eac-3a4ed25e394d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/81beb54b10b6cfac0149478fc793905da3c6ccbbce47d9764b1c26e893b1a380

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 81beb54b10b6cfac0149478fc793905da3c6ccbbce47d9764b1c26e893b1a380

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1667230/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/196720/

Comments