MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 da54cbd59bc6268b9ddbe06e100d0e7d0d9c467070ee0405eb66e896e4ebac3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: da54cbd59bc6268b9ddbe06e100d0e7d0d9c467070ee0405eb66e896e4ebac3f
SHA3-384 hash: bebef4e9f1ecc65da32e38f723b168e121cc35dde5b35389490b63b65a6a699837781a451e7a6b7ba8e8809cb90e9063
SHA1 hash: db1da588dde0319fc089e2cf9dc38f049108bf59
MD5 hash: bba84b57933ae9e5cf9ab43204a6e9e6
humanhash: hydrogen-oranges-east-kansas
File name:sample3.bin
Download: download sample
File size:701'440 bytes
First seen:2023-02-14 19:39:33 UTC
Last seen:2023-02-14 21:32:02 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 12288:QcT3Ha3ieHwBMJ0AvrIMuJ9rT6tO3Q9SYLsAZEGIx:Qcm3188wMu7HmO3Q9SYLsAZEGIx
Threatray 75 similar samples on MalwareBazaar
TLSH T1ACE44C401FE85E3AEA9EF3BAB47107E9D2F4D056D94FE7CB144138A52ECA3E419412D2
TrID 87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
3.8% (.EXE) Win64 Executable (generic) (10523/12/4)
2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter jstrosch
Tags:dll

Intelligence

File Origin
# of uploads :
2
# of downloads :
189
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/366063/
Detection(s):
SecuriteInfo.com.Variant.MSILHeracles.64891.13759.12353.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/63ebe3956ea97adc8fc22f5d/reports/4f2541c9-4133-45fc-a43e-ec533842c68c/overview
Verdict:
Malicious
Labled as:
MSILHeracles.Generic
Link:
https://www.hybrid-analysis.com/sample/da54cbd59bc6268b9ddbe06e100d0e7d0d9c467070ee0405eb66e896e4ebac3f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/64eb0742-2e90-4a30-a3ff-d8bce20e48b4
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1174793
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 807597 Sample: sample3.bin.dll Startdate: 14/02/2023 Architecture: WINDOWS Score: 52 15 Multi AV Scanner detection for submitted file 2->15 17 Machine Learning detection for sample 2->17 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/da54cbd59bc6268b9ddbe06e100d0e7d0d9c467070ee0405eb66e896e4ebac3f/
Threat name:
Win32.Trojan.InjectorX
Create hunting rule
Status:
Malicious
First seen:
2023-02-14 19:40:27 UTC
File Type:
PE (.Net Dll)
AV detection:
7 of 39 (17.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3jkmxvm3yytixho34bxbadiopugzyrtqodxaibplm3ujnzhlvq7q._file
Verdict:
malicious
Similar samples:
009b4de6d61871ef45ca8a91d5918d6940a9ad8470bc9b746d398033c3b9557a
201c931c77f0183e82ceaa2e17de7664131e8fb81ca10e4d5d986815cdc989e6
6d810e2cbf50de17bcbb876ede3d23767f6454d7cf8dd9f4ebadeb56b342cea4
7ace08b1b886a524fc91f97cf3ac9e8367e5d53372193adf26c5179f0c3a39d1
a9ad1c8db51f9e20280bab4947b9d9b47572e7c634cca0e2b121f3e7966a976d
b5d3b92d36198035df9370027e3e1e269f9757c4006a1b4eda2dd5575caa4d24
dfa4b25bb9a1534192d30dc3f10acd6a72c21a36bfaecae14c5d7a22dff88fd5
e876ad440761c60b772b110b7e6f08c4e156ebdb17d78c55aa4594edc65ff78a
+ 65 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230214-ydhmtsfb7v/
Unpacked files
SH256 hash:
da54cbd59bc6268b9ddbe06e100d0e7d0d9c467070ee0405eb66e896e4ebac3f
MD5 hash:
bba84b57933ae9e5cf9ab43204a6e9e6
SHA1 hash:
db1da588dde0319fc089e2cf9dc38f049108bf59
Link:
https://www.unpac.me/results/46118603-6f19-4247-b91d-d5f7d3a729a7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/da54cbd59bc6268b9ddbe06e100d0e7d0d9c467070ee0405eb66e896e4ebac3f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/366063/

Comments