MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9
SHA3-384 hash: 8074d5dc7a9acf897586895105724cb65a35842719341d96529ad637803d41516bcd23c2fad98b8af1fb7ab29ea4c914
SHA1 hash: 04de1841040f338abde688960686b48ec047808c
MD5 hash: 8b0eefe56513dcabafad8d7c62dac208
humanhash: hamper-magazine-speaker-social
File name:1688812865495111e2591171e474a815e040b4587d11d5e977a15e7113580de3fcfb9ac31f111.dat-decoded
Download: download sample
File size:12'800 bytes
First seen:2023-07-08 10:41:12 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 192:xYGOI52k52TfT04H98+cBhGOnT1Vu4IW1CnhsJgQHsbFfE6KXrdzLucHJ:xxOy0T1dhcOqVu3nhqdsZkXrUcHJ
Threatray 120 similar samples on MalwareBazaar
TLSH T10442D92967E84738DABEAB379C7291500672FE09DD23DF7D09E095190E732448EE1F26
TrID 35.4% (.EXE) Win64 Executable (generic) (10523/12/4)
22.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.1% (.EXE) Win32 Executable (generic) (4505/5/1)
6.9% (.ICL) Windows Icons Library (generic) (2059/9)
6.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:base64-decoded dll


Avatar
abuse_ch
Malware dropped as base64 encoded payload

Intelligence

File Origin
# of uploads :
1
# of downloads :
267
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
DLAgent09 Downloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/411920/
Detection(s):
SecuriteInfo.com.Variant.Zusy.473104.19091.15943.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm cmd lolbin packed replace schtasks wscript
Link:
https://www.filescan.io/uploads/64a93d7d67f70195b4433e86/reports/5d800d6b-2d1f-4d5b-a1a2-d7b1a67a5c5b/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/fef8bf03-b2b4-4577-b458-64e33766e1e5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-07-08 10:42:06 UTC
File Type:
PE (.Net Dll)
Extracted files:
1
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ukaygnojonlccxo3d2jp75m74d2dd3x75gouem4ztclafnm2v7mq._file
Verdict:
malicious
Similar samples:
4364a60cc5f7039a24528452680648850d7b3f434c25892d1b3b5e5aa14898fb
6c798312f1aa6826f5e1dcc49ae54d4011d0e28245b3e6be0803dfd4381c6acb
77cc8d160dfa2efa3a75e52a620e3f8a6cc2665e94ed56aa1ddd97a61b59a5d1
888dc17f63eb7b61713327994a126c3ce5ca2b69e2643c8f6b7caa34235e972f
8cd29838aeae1b19c74a19a1a8e1682dbe55fa82586706d9d640485274244ec8
8ea0725c12db093e1fdb832954d88c79e17cca9557360173154d5e6ca278b80e
a91bc84dd26784dc82b1ee55b50dc3016738a09fa0f6cdd22ad053bc00dfa016
aa56138ede83b2313cffd1ac5a973cdce0ecd91a1140b8bbd28efa6685ff3e9c
fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f
fc8c983c70303955fbbf53be566a1e573a231e2d38aaeaee4ed30a064a1bf172
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230708-mrnkfsfb9t/
Unpacked files
SH256 hash:
a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9
MD5 hash:
8b0eefe56513dcabafad8d7c62dac208
SHA1 hash:
04de1841040f338abde688960686b48ec047808c
Link:
https://www.unpac.me/results/9b6b6d3c-2000-4ea2-9c8d-038d9199cc0f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:MALWARE_Win_DLAgent09
Create hunting rule
Author:ditekSHen
Description:Detects known downloader agent
Rule name:SUSP_VBS_Wscript_Shell
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the definition of 'Wscript.Shell' which is often used by Malware, FPs are possible and commmon

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown 495111e2591171e474a815e040b4587d11d5e977a15e7113580de3fcfb9ac31f

DLL dll a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9

(this sample)

  
Dropped by
SHA256 495111e2591171e474a815e040b4587d11d5e977a15e7113580de3fcfb9ac31f
  
Dropped by
MD5 bf2e3ed27f2685294dcba25c3fd9abc6
  
URLhaus
https://urlhaus.abuse.ch/url/2678672/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/411920/

Comments