MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25
SHA3-384 hash: e437a6e7329153f15811d12899c40cbc2fecec1b1b33af850a24cb189e1d740e0387d0720768f6a984a2ae52da2d804b
SHA1 hash: a65abb0c55d2ab711153ee5dbc9466b5376dc968
MD5 hash: ae9bff09ae8e55ec3a23258fac0165be
humanhash: nine-pluto-don-magazine
File name:download.exe
Download: download sample
File size:4'460'544 bytes
First seen:2024-10-09 05:07:04 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 49152:HkchngWS2a4aWv8bEqzN9APORfcpb9ssImxRtdvtEBOdOkHKW4K9Q17vVAkcZfS0:WfN6WBIggun8
TLSH T156262D03B5D786F1C2481B33CDEB81144BA1E9823B23D70A768E33595A537BBF94A617
TrID 87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
3.8% (.EXE) Win64 Executable (generic) (10523/12/4)
2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.6% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter lontze7
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
394
Origin country :
GR GR
Vendor Threat Intelligence
Detection(s):
Win.Packed.Trojanx-9818175-0
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67060f7edcb599bb05a511dc
Tags:
Dropper Msil
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
cmd lolbin masquerade net_reactor packed vbnet
Link:
https://www.filescan.io/uploads/67060fb306f0c2314b43176f/reports/4765f23a-fb91-449b-8718-b1054c9b6241/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/51fa1fa2-5dd5-4fca-bab9-ee0d4ee0f409
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1529596
Signature
.NET source code references suspicious native API functions
AI detected suspicious sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1529596 Sample: download.exe.dll Startdate: 09/10/2024 Architecture: WINDOWS Score: 60 15 Multi AV Scanner detection for submitted file 2->15 17 .NET source code references suspicious native API functions 2->17 19 Machine Learning detection for sample 2->19 21 AI detected suspicious sample 2->21 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Score:
62%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-10-08 11:41:12 UTC
File Type:
PE (.Net Dll)
AV detection:
18 of 38 (47.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=sicbm7lo4tqq26vcm2fr2hgtk3aajectyoqk774akwbqtluef4sq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241009-fsjvbs1dmj/
Unpacked files
SH256 hash:
9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25
MD5 hash:
ae9bff09ae8e55ec3a23258fac0165be
SHA1 hash:
a65abb0c55d2ab711153ee5dbc9466b5376dc968
Link:
https://www.unpac.me/results/39bacdaa-7edb-4dff-b48d-339c4c7f7700/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/9204167d6ee4e10d7aa2668b1d1cd356c0049053c3a0afff80558309ae842f25

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments