MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aee8596ddc3927e7c89221f7153735aacb6f5ebfd7baa843d12a62c6dd48c3eb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aee8596ddc3927e7c89221f7153735aacb6f5ebfd7baa843d12a62c6dd48c3eb
SHA3-384 hash: c182e2d2e4a4b90f51a84db26b60131398a15e34c1418f0c809d612879f2ccc347f4c04dc06091336e1399deca9e1a29
SHA1 hash: bca5f4b1243f853a6fc1c0763dc9fa493344f987
MD5 hash: d775145995bbe2a1b4d15bee3c7babec
humanhash: grey-delaware-seventeen-twelve
File name:Oneman.htm
Download: download sample
File size:1'055'232 bytes
First seen:2021-05-06 14:11:44 UTC
Last seen:2021-05-06 15:20:14 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:LDUDdqXh86CIWWpd/1yM9IsENY/xyJnXC8wk972f0WbM4PRyP5QrwEiREIMxRluQ:cu8EWWAaJxvNUdz
Threatray 2 similar samples on MalwareBazaar
TLSH DD25962435FB911AF1BBAFB66FD8F8579E6EF235150A761730004717CA03B809E5263A
Reporter cbecks2

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/151679/
Detection(s):
SecuriteInfo.com.MSIL.Injector.VLU.16130.19812.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/716403
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aee8596ddc3927e7c89221f7153735aacb6f5ebfd7baa843d12a62c6dd48c3eb/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-05-03 01:44:02 UTC
AV detection:
5 of 29 (17.24%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
714cdcd6e144b482d1c98661e894900244862c7135a895f2edfcd7fdac6d84fc
7ca4d82a3c58cde4fefab8647f477ec29e903507c99212c6ae53a6802223423d
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210506-xcsqefm9qs/
Unpacked files
SH256 hash:
aee8596ddc3927e7c89221f7153735aacb6f5ebfd7baa843d12a62c6dd48c3eb
MD5 hash:
d775145995bbe2a1b4d15bee3c7babec
SHA1 hash:
bca5f4b1243f853a6fc1c0763dc9fa493344f987
Link:
https://www.unpac.me/results/7dca3cb5-e6a4-4d28-89dd-2e305349e1c0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/aee8596ddc3927e7c89221f7153735aacb6f5ebfd7baa843d12a62c6dd48c3eb

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_Stomped_PECompilation_Timestamp_InTheFu
Create hunting rule
Author:ditekSHen
Description:Detect executables with stomped PE compilation timestamp that is greater than local current time

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/151679/

Comments


Avatar
a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-06 15:10:59 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
1) [C0027.001] Cryptography Micro-objective::AES::Encrypt Data