MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b411d82b8476a30fec88093470dc790817b9c20064b47ddb3726a9a9e78ba70f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ousaban


Vendor detections: 8



SHA256 hash: b411d82b8476a30fec88093470dc790817b9c20064b47ddb3726a9a9e78ba70f
SHA3-384 hash: cb109f88402c359b6235dab3d1eb50114e5cf2b4c3a072fb972a826745a7e337ae6cddb017dcacf94b34ec43486acc2b
SHA1 hash: 0f4d690ae76ba9c4c16066a02b40242df1450295
MD5 hash: ff0f6e690642fdcdd8acafe3b09a179c
humanhash: arizona-mars-bravo-stream
File name: dddss.dll
Signature: Ousaban
File size: 5'523'968 bytes
First seen: 2022-05-26 19:42:49 UTC
Last seen: 2022-05-26 20:44:13 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: 2c054a8557d3f2a73503dd3a2fb4652d (1 x Ousaban)
ssdeep: 98304:50+dsvAOjiIkkRF655V+QqGKfsS4ypwY1X6H6XLYDqNSBOQXssB5t:TdsvAOjiIkkRF65XGffYyaY1XcLcQXs0
TLSH: T15E467D16F280E03ED0A71A36993BD668983F7A712A16CC4B57F4498CCF396407A3F657
TrID: 61.8% (.EXE) Inno Setup installer (109740/4/30)
      23.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
      5.9% (.EXE) Win64 Executable (generic) (10523/12/4)
      2.5% (.EXE) Win32 Executable (generic) (4505/5/1)
      1.6% (.MZP) WinArchiver Mountable compressed Archive (3000/1)
Reporter: dodosec
Tags: brazil dll Downloader ousaban


dodo_sec
Downloader bundled with malicious MSI. Export "sentanomeucolomuiesentalogo" downloads a ZIP archive from hxxp://137.]117.]178.]56:52331/petco-es-2505.]zip, saves it to C:\Nowrnd\VUJJJFwwwLFLF.zip, decrypts it and extracts its contents. Among those is a padded DLL that's Ousaban itself.

Intelligence


File Origin
# of uploads: 2
# of downloads: 349
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour
Searching for the window
Creating synchronization primitives
Creating a window
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: control.exe expand.exe hacktool keylogger rat remote.exe replace.exe update.exe
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: [graph image not reproduced; details recoverable from it: Behavior Graph ID 634835, sample dddss.dll, start date 26/05/2022, architecture WINDOWS, score 48; signature "Multi AV Scanner detection for submitted file"; process tree: loaddll32.exe starts several rundll32.exe processes, each followed by WerFault.exe crash handlers; IP 192.168.2.1 (unknown) seen from one WerFault.exe process]
Threat name: Win32.Trojan.Tedy
Status: Malicious
First seen: 2022-05-26 19:43:13 UTC
File Type: PE (Dll)
Extracted files: 69
AV detection: 21 of 41 (51.22%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SHA256 hash: b411d82b8476a30fec88093470dc790817b9c20064b47ddb3726a9a9e78ba70f
MD5 hash: ff0f6e690642fdcdd8acafe3b09a179c
SHA1 hash: 0f4d690ae76ba9c4c16066a02b40242df1450295
Please note that we are no longer able to provide a coverage score for Virus Total.
