MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 91f5ba0e0abcad0604f2a2f1ae529bf84c1e30b44677b572b89e150b48b59b46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 91f5ba0e0abcad0604f2a2f1ae529bf84c1e30b44677b572b89e150b48b59b46
SHA3-384 hash: ebafe4e3d657c2f7f3e1eb3da569e8b12f8e6804072257529f69802cda5879c011235202d30d9b85cf0b6de69b2762ad
SHA1 hash: 3d654e983ff12c4d2c05b76904ad8d964baa86e4
MD5 hash: 4850965bc877ac829c572d4a2f66c98a
humanhash: sodium-edward-cardinal-blue
File name: 01_extracted.exe
File size: 94'208 bytes
First seen: 2021-01-06 16:21:07 UTC
Last seen: 2021-01-06 18:08:09 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 1536:W30EiwRd9gZwcLwoB6FGGEzccJ3xph+g7TbHIhcEiyi00Kcl:G0EiwRd9gZwc3B6FGcAboG30bY
Threatray 48 similar samples on MalwareBazaar
TLSH 13938E067F54BF14E658207381DF023807E5E58329B3E7AF7E6876AE1E021A16C19EDD
Reporter Racco42
Tags: exe

Intelligence


File Origin
# of uploads: 2
# of downloads: 138
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Multi AV Scanner detection for submitted file
Behaviour
Threat name: ByteCode-MSIL.Trojan.CrypterX
Status: Malicious
First seen: 2021-01-06 16:22:05 UTC
AV detection: 9 of 29 (31.03%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 91f5ba0e0abcad0604f2a2f1ae529bf84c1e30b44677b572b89e150b48b59b46
MD5 hash: 4850965bc877ac829c572d4a2f66c98a
SHA1 hash: 3d654e983ff12c4d2c05b76904ad8d964baa86e4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments