MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a5e798492ba6892a57c79c635679563eceacb6d1efcc38f5dfc0232518861ca8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: a5e798492ba6892a57c79c635679563eceacb6d1efcc38f5dfc0232518861ca8
SHA3-384 hash: 92b0b09378a6a490b03e15ba9e265e5a3a7f6c96c61615086cfaa25799edafa3dc5cb7d71f81cf70feea8888634ff4c2
SHA1 hash: 78f875eabdca337c3526e52ba324902e7a148ce6
MD5 hash: a3d9b510e2e17f4ea08aa9f74b54e6b5
humanhash: rugby-cola-venus-diet
File name: yn.dll
Signature: n/a
File size: 413'696 bytes
First seen: 2020-06-03 17:33:48 UTC
Last seen: 2020-07-19 19:45:12 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: e43cc7ada705744f3773e4f7b07d207d
ssdeep: 6144:p/XvoKeJzjwanAMDqig5LNL4NzQyBlH5xXnI1yLNkuyt47OuSoCHolcW/x88:hQVxDzChgLH5BnsymD47+o1lc4V
TLSH: D9949E513BB44415F2578F3D58F241228FBEADC8EA79C2C646C623DA0AA72D05B7C787
Reporter: @abuse_ch
Tags: dll, ZLoader


Twitter
@abuse_ch
ZLoader payload URL:
http://gegnacheckwebtiyclin.tk/asn/yn.dll

Intelligence


File Origin
# of uploads: 4
# of downloads: 24
Origin country: CH
Mail intelligence
No data
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-06-03 16:29:51 UTC
AV detection: 17 of 31 (54.84%)
Threat level: 5/5

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL a5e798492ba6892a57c79c635679563eceacb6d1efcc38f5dfc0232518861ca8 (this sample)

Comments