MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a5244a47aa5903cc6dd7da65c42d4a34128ecde14ec90ef6b5c6760f8f7ad76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a5244a47aa5903cc6dd7da65c42d4a34128ecde14ec90ef6b5c6760f8f7ad76
SHA3-384 hash: 25a2c69ffdd251d2dfb21aadfb84819dca625dcf6aea2506ccb5badeaef1c2f2f924e27c6a08f582f1dc75d1411decfd
SHA1 hash: 4af3f72fe3a99bdb8cd3e9838046db51a6b03b66
MD5 hash: c8bc7f901b1c154566bc70ce6af6dd5b
humanhash: hawaii-oven-tennis-two
File name:c8bc7f901b1c154566bc70ce6af6dd5b
Download: download sample
File size:46'592 bytes
First seen:2022-02-15 16:02:50 UTC
Last seen:2022-02-15 17:52:40 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 768:HND9ytoTkDfIvkFXqPLuC2zG3IqEffffAEnnnEEEEEAEEA1nxn1EEEAqEAl8EE1i:HNDoSTCGkFqPqC2QIqEffffAEnnnEEEW
Threatray 2'134 similar samples on MalwareBazaar
TLSH T1B823090433878389D468657940F31A3103F6B7EF3273D65B3D9511A92E2A7E18B86BCD
Reporter zbetcheckin
Tags:32 dll exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
170
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/241659/
Detection(s):
SecuriteInfo.com.Trojan.DownloaderNET.263.10202.24181.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated packed replace.exe
Link:
https://www.filescan.io/uploads/620bceb8875593a3ccd0f9cb/reports/e0fbfede-b047-4e4d-93d3-4670cc8ec365/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4e43930f-cdd2-4465-b9b2-156f8145831f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/940223
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Call by Ordinal
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 572707 Sample: sR1apLoHug Startdate: 15/02/2022 Architecture: WINDOWS Score: 56 13 Multi AV Scanner detection for submitted file 2->13 15 .NET source code contains method to dynamically call methods (often used by packers) 2->15 17 Sigma detected: Suspicious Call by Ordinal 2->17 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a5244a47aa5903cc6dd7da65c42d4a34128ecde14ec90ef6b5c6760f8f7ad76/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2022-02-15 14:03:11 UTC
File Type:
PE (.Net Dll)
Extracted files:
3
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
024cac937f1d55725cd4c039831bec6aea9a1745731eeaaae5f49ca18f6862a0
20a79a2b8181e2b4b746e864d4aa3bdd4a81c20ff66862942008423ea9341267
619399cbd9239d9e913787c807c3e5c5000d1d33a2260961764ac0a1be860686
a5434f3532d327c98dd46daa30717b384ee264b0c3d17bdaf3561bbdaf380116
d93dd7a2596af7479ef16d2b345948d6c117d64fbadafd982da2a7631a096eb7
d994719966b8445e43a5ed911590248e5b8dce21d96487f87c4069805ed9f100
+ 2'124 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/220215-thb9dsaacl/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Suspicious use of AdjustPrivilegeToken
Drops file in Windows directory
Unpacked files
SH256 hash:
9a5244a47aa5903cc6dd7da65c42d4a34128ecde14ec90ef6b5c6760f8f7ad76
MD5 hash:
c8bc7f901b1c154566bc70ce6af6dd5b
SHA1 hash:
4af3f72fe3a99bdb8cd3e9838046db51a6b03b66
Link:
https://www.unpac.me/results/40cb634c-27ae-41d1-958b-6da38f8529ad/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9a5244a47aa5903cc6dd7da65c42d4a34128ecde14ec90ef6b5c6760f8f7ad76

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll 9a5244a47aa5903cc6dd7da65c42d4a34128ecde14ec90ef6b5c6760f8f7ad76

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2044424/
Cape
Cape
https://www.capesandbox.com/analysis/241659/

Comments


Avatar
zbet commented on 2022-02-15 16:02:52 UTC

url : hxxp://95.143.178.121/mjezJMUm.dll