MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2
SHA3-384 hash: a47378ef0e99de7fcb19c36a0cb94bcb25bd0120aaaf7b79867930f3bf9affa017bb59a6ca25caa270639a244a5834b6
SHA1 hash: f3530a91b02292b5cdfff28d3fab896f992ac9ad
MD5 hash: ca84b1d90b3849a4a0379fdabd12acf6
humanhash: lamp-sodium-saturn-ten
File name:SecuriteInfo.com.Win32.MalwareX-gen.8589.2867
Download: download sample
File size:221'696 bytes
First seen:2025-06-12 16:29:35 UTC
Last seen:2025-06-12 18:19:09 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash fca06c714c612b5e7d0fa6912d6b4c32
ssdeep 6144:S9M+AcFxcbc94Rk1mTLCfhSlAO2cp4Z8p:S9Eecbc945zUmi8p
TLSH T124248D01B4C1C476D8BF16320579AB655ABEF9304BA1D9DFABD40D7E4F302C1C631A6A
TrID 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SecuriteInfoCom
Tags:dll

Intelligence

File Origin
# of uploads :
3
# of downloads :
517
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/9190/
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=684b02f68bd5d68a12e83d50
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/07438d40-4315-425a-a270-a834ae761e76
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1713491
Signature
Multi AV Scanner detection for submitted file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Sigma detected: Rundll32 Execution Without CommandLine Parameters
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1713491 Sample: SecuriteInfo.com.Win32.Malw... Startdate: 12/06/2025 Architecture: WINDOWS Score: 56 29 pki-goog.l.google.com 2->29 31 c.pki.goog 2->31 33 Multi AV Scanner detection for submitted file 2->33 35 Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments 2->35 37 Sigma detected: Rundll32 Execution Without CommandLine Parameters 2->37 9 loaddll32.exe 1 2->9         started        11 rundll32.exe 2->11         started        signatures3 process4 process5 13 cmd.exe 1 9->13         started        15 rundll32.exe 9->15         started        17 rundll32.exe 9->17         started        19 conhost.exe 9->19         started        process6 21 rundll32.exe 13->21         started        23 WerFault.exe 20 16 15->23         started        25 WerFault.exe 16 17->25         started        process7 27 WerFault.exe 16 21->27         started       
Score:
90%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2/
Threat name:
Win32.Infostealer.Tinba
Create hunting rule
Status:
Malicious
First seen:
2025-06-12 14:59:56 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zml6qw53hwudodxzg6bw6dzezltsuvgf6vg4t3iwsay7kj22a7ra._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250612-t167gszvc1/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2
MD5 hash:
ca84b1d90b3849a4a0379fdabd12acf6
SHA1 hash:
f3530a91b02292b5cdfff28d3fab896f992ac9ad
Link:
https://www.unpac.me/results/1909d64d-e228-42a6-a900-eeaa11168a00/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DLL dll cb17e85bbb3da8370ef937836f0f24cae72a54c5f54dc9ed169031f5275a07e2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3561482/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/9190/

Comments