MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586
SHA3-384 hash: 60c23e59bea81db6eb3d907896faffb94edcc4ac245bc3dd5af07b8b658e88b36df16a7a60bbfebb4276d647d4eab540
SHA1 hash: c116bbf0fa2a7c1768804ca0cc537fb03aeb5bfa
MD5 hash: 319c2135f99c822e2e7a172f9896ed56
humanhash: pip-cat-muppet-charlie
File name:Loader.dll
Download: download sample
File size:2'129'075 bytes
First seen:2023-05-11 07:00:59 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
ssdeep 49152:Lv9j5xUtBOve9Z0gFxvKx7w5sskl5ON93oqMeQHN:Lv9j5xUGeYovKxhskl5ONtoqQHN
Threatray 57 similar samples on MalwareBazaar
TLSH T193A56B85A692DE2BD3826B3AA023C6685631D2023723F75FDFBE52743C93B7409417E5
TrID 22.6% (.SCR) Windows screen saver (13097/50/3)
18.1% (.EXE) Win64 Executable (generic) (10523/12/4)
17.2% (.EXE) DOS Borland compiled Executable (generic) (10000/1/2)
11.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
8.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter 0xToxin
Tags:BlindEagle DIANColombia dll


Avatar
0xToxin
http://172.174.176.153/dll/new_rump_vb.net.txt

Intelligence

File Origin
# of uploads :
1
# of downloads :
275
Origin country :
IL IL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/388350/
Detection(s):
Can't access file ERROR
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Tags:
overlay
Link:
https://www.filescan.io/uploads/645c92b38c7339c145d2ef5f/reports/54588808-948c-47fa-8a2c-0659cfa3d61f/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/f1c79e7f-0916-4a88-b85a-f6f291309ff9
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1230588
Signature
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code references suspicious native API functions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 863566 Sample: Loader.dll Startdate: 11/05/2023 Architecture: WINDOWS Score: 48 36 .NET source code contains method to dynamically call methods (often used by packers) 2->36 38 .NET source code references suspicious native API functions 2->38 14 loaddll32.exe 1 2->14         started        process3 process4 16 cmd.exe 1 14->16         started        18 conhost.exe 14->18         started        process5 20 rundll32.exe 16->20         started        process6 22 rundll32.exe 20->22         started        process7 24 rundll32.exe 22->24         started        process8 26 rundll32.exe 24->26         started        process9 28 rundll32.exe 26->28         started        process10 30 rundll32.exe 28->30         started        process11 32 rundll32.exe 30->32         started        process12 34 rundll32.exe 32->34         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7buwe2bkampag5dw5ii6r4m3lbhazmm67ag2fl4zpyfkmtqtwwda._file
Verdict:
unknown
Similar samples:
04d9ffc7ec20fe6a740721b913247ad7fdd7e5e4b33a11f9ef9bc64bab90a335
32fcd31207c5e310957801fca81578c9dcba9ed3515809f62a7d50d93ad033db
470c984d8e1d9413b351c38a01827c7386fd15aef28681559df36574908f7088
603529b388e236d8e83f550e3bea45ecb9664c7e8a6137bb1ee7981f13ee72fa
62263e2a3baa016b5048a6db6c0db98f8036c6fedb41216a6a08087ac7890413
d9577a11fb93cf09c220f70d087e55eb4c7c5fed0537aebd8013e7e01a8d5d15
e75e7b4f4db640c54deb092dd373afa2b692a2078461cd0193e2b54b84c8250c
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230511-hs782aea8t/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
f86962682a031e037476ea11e8f19b584e0cb19ef80da2af997e0aa64e13b586
MD5 hash:
319c2135f99c822e2e7a172f9896ed56
SHA1 hash:
c116bbf0fa2a7c1768804ca0cc537fb03aeb5bfa
Link:
https://www.unpac.me/results/9c823d79-ab48-4d09-b01e-c370272ea5c8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/388350/

Comments