MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b
SHA3-384 hash: a8fcd42094c0ebb16a1b2a3627107adb10b9b0851d70711bd37d8bda24f4984ce70b690c17d79022988bc7bcfa9052d0
SHA1 hash: 754e8eb01a92ebf75d28d7f869eaaa3dbcb50c51
MD5 hash: fe4704e5165d2d10218cb9c19473e517
humanhash: alabama-helium-minnesota-comet
File name:1688809448f58565c3c9e3819111bcb97efe9687cc9e2cb9bc9ab493cf0ecc711b26de20b3979.dat-decoded
Download: download sample
File size:3'250'688 bytes
First seen:2023-07-08 09:44:10 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 49152:9qT0a34X5Tg1dMnM8uAXwJBMhwCuMln93T9LPKOzAfxKqnowNEvr:9qT7GS8uAXwJaiFSZ9LPK0AoMot
Threatray 61 similar samples on MalwareBazaar
TLSH T152E5CFC9AA52DE36D3A56B36A053811A8234D6A37723BB1F1F7C05357CA33780D523DA
TrID 79.7% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
4.4% (.SCR) Windows screen saver (13097/50/3)
3.5% (.EXE) Win64 Executable (generic) (10523/12/4)
3.3% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
Reporter abuse_ch
Tags:base64-decoded dll


Avatar
abuse_ch
Malware dropped as base64 encoded payload

Intelligence

File Origin
# of uploads :
1
# of downloads :
270
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/411726/
Detection(s):
Win.Trojan.Bladbindi-1
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed packed
Link:
https://www.filescan.io/uploads/64a930279bd9f933fbb8efd0/reports/7946b261-974d-408f-979e-026b2188399d/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/08061801-dd34-4349-8973-c5c10065e582
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-06-28 11:43:55 UTC
File Type:
PE (.Net Dll)
Extracted files:
4
AV detection:
18 of 24 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3rjmoh42nbxmxjmzh4ghugb7b3mg6wel3r2usdzeus27mezztfnq._file
Verdict:
malicious
Similar samples:
2184033d7ec56ba7ace3dcb48d10e47874a638d8a7c01e0ed321c79d2e9e576f
3c89cb1c6c74747eadb40f158ea38751bd1a61acdc789b86f0acd0a107b689e9
5191f253dac6048e343a1c5a9503ce9efe250b04e333f0f7c216bc9294ac8183
8e7fbeb2dd4fecea39d5194595357509c3d9a0bdfd5d8f962815f97090e9c831
91bedde298120f2112051018910a77a8672687917722e9a4aba692ec312bf4b2
93bd0a081feb2e1576bbf84b672e120981ad2cf3f5017db7942959f9959f5066
abe25695b67fcf9e07c535f4f8664a2828fbef735821337603a451475b7976da
cdb463c9aeff4b1d0090647e3baa27f32360301b0be912489f2b32e1f469650e
ef4930b5b0a30a1cc493f4b7f72fcadcd109d21956d2aced6e85e4c6f5e69fb0
f275589bf659f7805e2be779ef77334af3e914e57530c5bf241c8de6e22c6225
+ 51 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230708-lq26sadh38/
Unpacked files
SH256 hash:
dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b
MD5 hash:
fe4704e5165d2d10218cb9c19473e517
SHA1 hash:
754e8eb01a92ebf75d28d7f869eaaa3dbcb50c51
Link:
https://www.unpac.me/results/5b54e061-1899-4b6a-ad87-84ab53ffb653/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_EXE_Packed_Yano
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with Yano Obfuscator
Rule name:meth_get_eip
Create hunting rule
Author:Willi Ballenthin

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown f58565c3c9e3819111bcb97efe9687cc9e2cb9bc9ab493cf0ecc711b26de20b3

DLL dll dc52c71f9a686ecba5993f0c7a183f0ed86f588bdc75490f24a4b5f61339995b

(this sample)

  
Dropped by
SHA256 f58565c3c9e3819111bcb97efe9687cc9e2cb9bc9ab493cf0ecc711b26de20b3
  
Dropped by
MD5 158618aa57dbc71db45eafc66cedebf6
  
URLhaus
https://urlhaus.abuse.ch/url/2678626/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/411726/

Comments