MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments

SHA256 hash: a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358
SHA3-384 hash: a0399161afdf174349547b4dd966601c6967e168311cfafb1157948879befea4e88c4628f83d182e84c37ea16e6a6679
SHA1 hash: ec28af6f6d390a8c945fbceaf3bd5c8a932325bb
MD5 hash: ea22cd813324fba3ce3078ca5a4e98e6
humanhash: cup-quebec-one-tennis
File name:ea22cd813324fba3ce3078ca5a4e98e6.dll
Download: download sample
File size:1'086'464 bytes
First seen:2021-11-23 20:10:12 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:IOzj9IF1Z5ibGcb34sH3ifbmRR7RRRbvn9j1sFKovvveY8:IzhibxHaFKpY8
Threatray 1'101 similar samples on MalwareBazaar
TLSH T13C356B027F81AD41E03901F7C1DB515883654F2D25A6D3767DAC32A99BF63A37C0ABCA
Reporter abuse_ch
Tags:dll

Intelligence


File Origin
# of uploads :
1
# of downloads :
114
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated packed
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
22 / 100
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 527510 Sample: rktmCf8IyK.dll Startdate: 23/11/2021 Architecture: WINDOWS Score: 22 13 .NET source code contains method to dynamically call methods (often used by packers) 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Threat name:
ByteCode-MSIL.Trojan.Generic
Status:
Suspicious
First seen:
2021-11-23 20:11:12 UTC
File Type:
PE (.Net Dll)
Extracted files:
50
AV detection:
10 of 28 (35.71%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Unpacked files
SH256 hash:
a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358
MD5 hash:
ea22cd813324fba3ce3078ca5a4e98e6
SHA1 hash:
ec28af6f6d390a8c945fbceaf3bd5c8a932325bb
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll a255e88bf261d3fa96b24a61ac91ed6af057d4fc0713c4fbe9cd5cb64ef7f358

(this sample)

  
Delivery method
Distributed via web download

Comments