MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a81b984ce34890356c5e3f6c8813012e3f260665692c69d638771b5c826884a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2

SHA256 hash: 9a81b984ce34890356c5e3f6c8813012e3f260665692c69d638771b5c826884a
SHA3-384 hash: 2dfef96f4e39fd5e1a7f521981b4217808a912fc291fb93fefa3be20fea47271601d43a28dbc0c75a9dbdf52aaa465d1
SHA1 hash: 3816dde9b3f36d0b0324d1e6cd084b18af20342a
MD5 hash: 71b823be8efc51883d37dc40edb286e9
humanhash: green-victor-mexico-aspen
File name: 9600a7096347e18dc1a4713ee2fba99b
File size: 1'466'368 bytes
First seen: 2020-11-17 11:53:11 UTC
Last seen: Never
File type: DLL
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 24576:9V1pPZVWEBrzk37aoELznK/EjZGfarFVQzNpZcvDEUfIF:7Pt8374HK/m1FVQzNU7hI
TLSH: 75658DA966F98E6BD5CE0A3B712C10548FF2C10643CAFB5B54086AF46CD67C09F5E1A3
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 50
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Threat name: ByteCode-MSIL.Packed.Confuser
Status: Malicious
First seen: 2020-11-17 11:56:42 UTC
AV detection: 1 of 29 (3.45%)
Threat level: 1/5
Verdict: unknown

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: 9a81b984ce34890356c5e3f6c8813012e3f260665692c69d638771b5c826884a
MD5 hash: 71b823be8efc51883d37dc40edb286e9
SHA1 hash: 3816dde9b3f36d0b0324d1e6cd084b18af20342a

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Ping_Del_method_bin_mem
Author: James_inthe_box
Description: cmd ping IP nul del

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments