MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9465d1ee02521fdd0d1be313df401af7734a858c164e4eae77d6c85398e339eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9465d1ee02521fdd0d1be313df401af7734a858c164e4eae77d6c85398e339eb
SHA3-384 hash: fb0cd9cc7af6ede7e0013a85d4853bc0913a0868939bd17d5c78b7047858c29fddbc0bc49e36ef617145b6723bf3a34a
SHA1 hash: 068963a47435ed3628ea150c5b07bee2165acf23
MD5 hash: bebccbf007e6833633716dd855003acf
humanhash: helium-mountain-mexico-moon
File name:bebccbf007e6833633716dd855003acf
Download: download sample
File size:1'418'752 bytes
First seen:2021-08-13 07:13:48 UTC
Last seen:2021-08-13 07:47:56 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 24576:ImvIEbLo3DGUEPQpRuAuaMNOvrF34C4wwRKADtJWMeTO5j:7vIzDVfuOvFkhDtJWMqO5j
Threatray 3 similar samples on MalwareBazaar
TLSH T13265CFAD650B9F29C6CE153390E1240987A4A4F1F3FBE35FA0C80DA9E4677E7C982553
Reporter zbetcheckin
Tags:32 dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/178846/
Detection(s):
SecuriteInfo.com.Variant.Bulz.595993.22099.6187.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/92a021eb-6ed2-4ac9-9660-459b27a0d757
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/832188
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 464619 Sample: JvghVgulUL Startdate: 13/08/2021 Architecture: WINDOWS Score: 48 13 Multi AV Scanner detection for submitted file 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9465d1ee02521fdd0d1be313df401af7734a858c164e4eae77d6c85398e339eb/
Threat name:
ByteCode-MSIL.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-08-13 07:14:08 UTC
AV detection:
9 of 47 (19.15%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1d9792547b612f5521083edcdf440a8e6dece47d056e69bed5b08575c57c44ff
dc251d72ea50b5caf6ce2ecf564a0a24636e4b0140e45e5bb5edbf7cc0b7d395
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210813-8hak72l8ve/
Unpacked files
SH256 hash:
9465d1ee02521fdd0d1be313df401af7734a858c164e4eae77d6c85398e339eb
MD5 hash:
bebccbf007e6833633716dd855003acf
SHA1 hash:
068963a47435ed3628ea150c5b07bee2165acf23
Link:
https://www.unpac.me/results/470d6fec-8b5d-4b74-baa4-19cdd6e4f486/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/9465d1ee02521fdd0d1be313df401af7734a858c164e4eae77d6c85398e339eb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with SmartAssembly
Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFuture
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 9465d1ee02521fdd0d1be313df401af7734a858c164e4eae77d6c85398e339eb

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1525306/
  
URLhaus
https://urlhaus.abuse.ch/url/1524300/
  
URLhaus
https://urlhaus.abuse.ch/url/1529880/
Cape
Cape
https://www.capesandbox.com/analysis/178846/

Comments


Avatar
zbet commented on 2021-08-13 07:13:48 UTC

url : hxxp://193.56.146.55/Api/GetFile2/