MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b469963d4507cd2bf3073abee59a88cd2bf0bbbd9b1a3138d4ef7b76860e1617. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b469963d4507cd2bf3073abee59a88cd2bf0bbbd9b1a3138d4ef7b76860e1617
SHA3-384 hash: 49e091826c22564dad2fb46a4006db3a2efadab95167386126066cf2677447de95f88fd2060eb246049558f3d6f5892e
SHA1 hash: aa7d3904d422d1f342a718211d7261dfa62a5dfa
MD5 hash: 10a050066b27a568bfb873d49e6154f5
humanhash: spring-florida-golf-salami
File name:SecuriteInfo.com.Trojan.MSIL.Injector.809538b2.11121.10227
Download: download sample
File size:722'944 bytes
First seen:2021-11-17 12:30:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:rUQ+26CT7f2Q1jhEzg2VAApTihZUsQcOciuvCR0Sr3kmLbrM4jEkpW/4LR+lC:IQ+26CT7f13OgOAuiZucO9ACrYz4jEm8
Threatray 1'471 similar samples on MalwareBazaar
TLSH T100F4BE107D02CD91E25D1677C19F8A0843359CA1A6A3E71BBEFD32AC55123A3BD09ADF
Reporter SecuriteInfoCom
Tags:dll

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.MSIL.Injector.809538b2.11121.10227.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
obfuscated packed
Link:
https://www.filescan.io/uploads/6194f6084912a8c920a1666e/reports/743f9751-f749-47cc-8595-a4de0e336ae9/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/cea0801a-b16c-49dd-8999-ca84c2e67a24
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
evad
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/891122
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 523595 Sample: SecuriteInfo.com.Trojan.MSI... Startdate: 17/11/2021 Architecture: WINDOWS Score: 22 13 .NET source code contains method to dynamically call methods (often used by packers) 2->13 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        process5 11 rundll32.exe 9->11         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b469963d4507cd2bf3073abee59a88cd2bf0bbbd9b1a3138d4ef7b76860e1617/
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-11-16 08:28:59 UTC
AV detection:
7 of 28 (25.00%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
23b916e5bb30f814e9819cf3499fe56820380b827b20f595022eabbd47267374
272f11a73d3b4df0108860fabd9a915694b21bb893e2a762abbc1c7176e8c095
28fbc35964c5a137d5e4bb2c770fbc6674d26fe478e18a0759e0647a44cb0d54
4f5eb87739916022c23a6291aaac32e86cef1d92cd9bcf67ec0ed357f1672ca1
5264cba383d033b281e0d9c097225f350fa4cb4aa910621638e79c8659ac4035
91800daa547a2afed2b16ab87634d0466d24d8769b9573ac7ded4c9f94e627ba
e221a9a50a4c2492f5fbd710cddc97c63ea9247f6e6c0ba1893e12a9ca608395
ef0116d9f61a26ad233dc3edc1990eb6c83b0398a593c65ef19f106008892eee
f0b43b05479d8dde3603ef587da02925b703d7d5bc8332656ab9ca7f7e1554a4
+ 1'461 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211117-pp4vrscfc2/
Unpacked files
SH256 hash:
b469963d4507cd2bf3073abee59a88cd2bf0bbbd9b1a3138d4ef7b76860e1617
MD5 hash:
10a050066b27a568bfb873d49e6154f5
SHA1 hash:
aa7d3904d422d1f342a718211d7261dfa62a5dfa
Link:
https://www.unpac.me/results/2d155e98-fc11-4f0f-b58b-84e7fb14a5b0/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b469963d4507cd2bf3073abee59a88cd2bf0bbbd9b1a3138d4ef7b76860e1617

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll b469963d4507cd2bf3073abee59a88cd2bf0bbbd9b1a3138d4ef7b76860e1617

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1797365/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/206785/

Comments