MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85098e8d120d40daabb52c95dc0d459445be1f5d5c87511fa7280f8b7e97fc93. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ousaban

Vendor detections: 5

SHA256 hash: 85098e8d120d40daabb52c95dc0d459445be1f5d5c87511fa7280f8b7e97fc93
SHA3-384 hash: fc4766797e4c540c554d49103335ce6b9e565341c6e3be120ef1e4808f439f65c4723bdb0d5158d8707f005bb8640262
SHA1 hash: a72ade1e355d2738943b8ffbcf0464779a308a87
MD5 hash: ae9df8a868d0e1760255a0a006c91fea
humanhash: artist-oregon-connecticut-mississippi
File name: VUJJJFwwwLFLF.zip
Signature: Ousaban
File size: 6'898'492 bytes
First seen: 2022-05-26 19:48:19 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:PdWbkp2iU0izqPoIK6OugLPHPHubAAiLZHdpV7S:lWbw2NrNHOb3i9Hzg
TLSH: T12666330D8A43ADD6D84028364EF70F613BBD86A985447303577CE43BECDFA94A5B9C89
TrID: 80.0% (.ZIP) ZIP compressed archive (4000/1); 20.0% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter: dodosec
Tags: banker brazil ousaban zip


dodo_sec
Decrypted zip archive retrieved by a downloader. Contains 4 files:
- erpfdrive.exe (legit intune.exe, target of dll injection)
- dbghelp.dll (ousaban dll, padded to around 290 MB)
- uires.dll
- zlibai.dll
C2 address: 20[.]187[.]91[.]219
List of targeted banks available on https://twitter.com/dodo_sec/status/1528835496251727874

Intelligence


File Origin
# of uploads: 1
# of downloads: 413
Origin country: n/a

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: control.exe overlay packed remote.exe replace.exe update.exe
Threat name: Win32.Trojan.Tedy
Status: Malicious
First seen: 2022-05-26 19:50:47 UTC
File Type: Binary (Archive)
Extracted files: 4882
AV detection: 6 of 41 (14.63%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour:
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments