MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b
SHA3-384 hash: a58b143b9219e6892c7041ce2b276e3ec952b6c97d4ec28046381c63f5f33c0cf5bc93865366d5e585cf79c5037c3a57
SHA1 hash: 2dd7d3e697bacdb6a80626afc0274559d7d8f229
MD5 hash: a4ad77a0cef47674a77b232ce7fa6178
humanhash: iowa-orange-four-hamper
File name:a4ad77a0cef47674a77b232ce7fa6178.dll
Download: download sample
File size:3'252'736 bytes
First seen:2023-05-24 07:42:11 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 49152:H/Jfx3Y5UFeKvNCJ9Uz0w1LYTa8P7Of82LUS+MtDxCyS:39wKv0a1LmP7OU2skxCyS
Threatray 77 similar samples on MalwareBazaar
TLSH T177E5BE05A692CE27E3E45B7EA163512A9230D2233717BB9F0F7C95793C923B80D523D9
TrID 80.3% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
4.4% (.SCR) Windows screen saver (13097/50/3)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
3.3% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter abuse_ch
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
246
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/391003/
Detection(s):
SecuriteInfo.com.Variant.Tedy.275795.2906.9492.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/646dc0090f915ba0dc8af9c2/reports/c553e3aa-fae1-41f4-a603-39596e450336/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a584d460-bd8c-4dc4-ac7b-41848da9f71a
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/1241426
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Yara detected Generic Downloader
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 874437 Sample: 2If9cy5QzS.dll Startdate: 24/05/2023 Architecture: WINDOWS Score: 64 15 Multi AV Scanner detection for submitted file 2->15 17 .NET source code contains method to dynamically call methods (often used by packers) 2->17 19 .NET source code references suspicious native API functions 2->19 21 2 other signatures 2->21 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b/
Threat name:
Win32.Trojan.Tedy
Create hunting rule
Status:
Malicious
First seen:
2023-05-24 07:43:08 UTC
File Type:
PE (.Net Dll)
Extracted files:
4
AV detection:
6 of 37 (16.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=t4evcyztsf7b4d3h4gnwz7y7hpjud4utdkppxqc6izj2cj2dxvvq._file
Verdict:
malicious
Similar samples:
32fcd31207c5e310957801fca81578c9dcba9ed3515809f62a7d50d93ad033db
3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9
470c984d8e1d9413b351c38a01827c7386fd15aef28681559df36574908f7088
62263e2a3baa016b5048a6db6c0db98f8036c6fedb41216a6a08087ac7890413
6234c83cf8e46f8e09fed9cbf0456be735dc8640c2df0ee4734b7fa730e0b8eb
cdb463c9aeff4b1d0090647e3baa27f32360301b0be912489f2b32e1f469650e
d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15
e75e7b4f4db640c54deb092dd373afa2b692a2078461cd0193e2b54b84c8250c
f3adace9b9f1d61d8752f65c0418a49595e347c417a17b14655d838993b74229
f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586
+ 67 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230524-jj9aeabd22/
Unpacked files
SH256 hash:
9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b
MD5 hash:
a4ad77a0cef47674a77b232ce7fa6178
SHA1 hash:
2dd7d3e697bacdb6a80626afc0274559d7d8f229
Link:
https://www.unpac.me/results/208d302f-f0d2-4db4-ac96-008f34e2f600/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9f09516333917e1e0f67e19b6cff1f3bd341f2931a9efbc05e4653a12743bd6b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/391003/

Comments