MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cf15f723d723e02406de6c49d93960bee6ed0be0e6d05ba622437b6c7d5d1fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8cf15f723d723e02406de6c49d93960bee6ed0be0e6d05ba622437b6c7d5d1fe
SHA3-384 hash: 466e2e159d3be9f71c99a6970a0bfbe1c34ff51ae294fad877b72b90557acd2c1647ac0059b65ff3d02fd2d439f5e9f1
SHA1 hash: c909c5bb19646f1a520f21d8dbb426ecbfe778b1
MD5 hash: 2fb47413c0ce153104e41b6781e3dd6f
humanhash: cat-nineteen-delta-wyoming
File name:Aztgvbofdotvaluavhga.dll
Download: download sample
File size:1'017'344 bytes
First seen:2022-10-24 17:06:17 UTC
Last seen:2022-10-24 18:21:50 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:o13fL7hu4gulJ4tWKG1Gu7iTQezjBwdjRiolp+Wi4wnWH7PMhTQU:oZTw4b4tc1Gu7KzufiMp+JnWHwh9
Threatray 458 similar samples on MalwareBazaar
TLSH T1CB25AF07B697CBE1F64C1776E1EA4C14C3A4DAC33BB7DF1B7546221E29023999481A8F
TrID 87.8% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
3.9% (.EXE) Win64 Executable (generic) (10523/12/4)
2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter James_inthe_box
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
177
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/323523/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.44257.30536.31822.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/bbcfd0eb-087b-4001-887f-b94c5fbe5e29
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1096772
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Yara detected Costura Assembly Loader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 729410 Sample: Aztgvbofdotvaluavhga.dll Startdate: 24/10/2022 Architecture: WINDOWS Score: 56 15 Antivirus / Scanner detection for submitted sample 2->15 17 Machine Learning detection for sample 2->17 19 Yara detected Costura Assembly Loader 2->19 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8cf15f723d723e02406de6c49d93960bee6ed0be0e6d05ba622437b6c7d5d1fe/
Threat name:
ByteCode-MSIL.Trojan.GenericML
Create hunting rule
Status:
Malicious
First seen:
2022-10-24 17:15:14 UTC
File Type:
PE (.Net Dll)
Extracted files:
5
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rtyv64r5oi7aeqdn43cj3e4wbpxg5uf6bzwqlotceq33nr6v2h7a._file
Verdict:
malicious
Similar samples:
08aa117c4795f93fdbee891121a2cd5e3adc46d9528967ec63ab325243fc7de2
13bee76dae73be7d12dd2190c7348ecafc9ae959c1edf8d416b22781df0dedf8
431259109385ec63af8de3962a7439e71c9361c30051ac30febcda57114e201a
588572e37df45867b14d17b7892c5337ecce9e618b43ae6aae8ab187c35bbc92
6dbf741f04c1613d60bb9c04da88af672a1b6a5dc0c768f2aaea959f611fe038
7b7f0cdf959229297f194c9052cb90dfde8ad43dd2566f49feadad9506b8b1fb
d5398b2fec9b1f21d7940e1c0cf6504e96c3675e44067d7cc0b2b4354fdcde85
ef659b7280d3ac6cd2922030854e9c6cb153111889382dfda5e3708ce91c6e93
+ 448 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/221024-vmze6ahger/
Unpacked files
SH256 hash:
8cf15f723d723e02406de6c49d93960bee6ed0be0e6d05ba622437b6c7d5d1fe
MD5 hash:
2fb47413c0ce153104e41b6781e3dd6f
SHA1 hash:
c909c5bb19646f1a520f21d8dbb426ecbfe778b1
Link:
https://www.unpac.me/results/0676ebfc-bc80-474b-bd0b-db8449f8d102/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8cf15f723d723e02406de6c49d93960bee6ed0be0e6d05ba622437b6c7d5d1fe

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/323523/

Comments