MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358
SHA3-384 hash: a0399161afdf174349547b4dd966601c6967e168311cfafb1157948879befea4e88c4628f83d182e84c37ea16e6a6679
SHA1 hash: ec28af6f6d390a8c945fbceaf3bd5c8a932325bb
MD5 hash: ea22cd813324fba3ce3078ca5a4e98e6
humanhash: cup-quebec-one-tennis
File name:ea22cd813324fba3ce3078ca5a4e98e6.dll
Download: download sample
File size:1'086'464 bytes
First seen:2021-11-23 20:10:12 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:IOzj9IF1Z5ibGcb34sH3ifbmRR7RRRbvn9j1sFKovvveY8:IzhibxHaFKpY8
Threatray 1'101 similar samples on MalwareBazaar
TLSH T13C356B027F81AD41E03901F7C1DB515883654F2D25A6D3767DAC32A99BF63A37C0ABCA
Reporter abuse_ch
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/619d4ad8f36138de3f37e6c9/reports/1f338a85-120e-4f29-ac9e-263c688f6109/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ae490682-2b2c-4cd5-b2b8-308f01d641a1
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/895038
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 527510 Sample: rktmCf8IyK.dll Startdate: 23/11/2021 Architecture: WINDOWS Score: 22 13 .NET source code contains method to dynamically call methods (often used by packers) 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-23 20:11:12 UTC
File Type:
PE (.Net Dll)
Extracted files:
50
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
1c0eb090ad769cdd943476e9300d57e553ad24f099408334b8c0370ee9bb7648
272f11a73d3b4df0108860fabd9a915694b21bb893e2a762abbc1c7176e8c095
377d26a6588706b8cfe01190404beffb8ef5331e0bc5fe629cfd0683d590dd0b
5264cba383d033b281e0d9c097225f350fa4cb4aa910621638e79c8659ac4035
70d86fc8d1247dcd26ed0927411614973d45216d676978f768e14cb16d362536
8bc03680f98a99ea21d78a4a132be678f848a7209efa0656123745fba54fae03
cf1a8304da78b6286a412d33ef3e0390949eb83e5b08ad63c006ed578d5d4c95
d4f72d2182411da7606c634ee11876aafb6230f620c36921288c5de1f8d2f795
e6df8346cb599d0947c86555aeb55d98dc665448222e383f2384789e78d9e3e6
ed190afc14d4389527347867538df5949d132ce9d5da7c323e8812b08c0242be
+ 1'091 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211123-yx967aeda8/
Unpacked files
SH256 hash:
a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358
MD5 hash:
ea22cd813324fba3ce3078ca5a4e98e6
SHA1 hash:
ec28af6f6d390a8c945fbceaf3bd5c8a932325bb
Link:
https://www.unpac.me/results/7eefe78c-3cdd-48a3-9963-f4f25fec6a47/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1807148/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/208817/

Comments