MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc
SHA3-384 hash: f1fbe013b286bd4df64cc784b45c280446f24d7bfe2e762b0e943d7afea14e197acf4238b7e3b430c90b0c0af7d7fbcf
SHA1 hash: d1d73205372f82f286461797c707ead6468be94a
MD5 hash: 897ea2bcfcc78408e4beea68b3be622a
humanhash: west-montana-october-oven
File name:1690892347caab5620f256b860cb9d75afcee61cc0c2d9f4b082014d9eba8b38a6f1dc90e2495.dat-decoded
Download: download sample
File size:52'224 bytes
First seen:2023-08-01 12:19:08 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 1536:1nmgBb95pG6BcFQY9Syo0t7G+PnYhHr2:1vOFdi0t7GbHK
Threatray 6 similar samples on MalwareBazaar
TLSH T11B332807B68F91F2C1948B7BC59651C00370D382AA23E60F754E2379DE537BE8AC6752
TrID 87.2% (.DLL) Generic .NET DLL/Assembly (236632/4/32)
3.8% (.EXE) Win64 Executable (generic) (10523/12/4)
2.4% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.6% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:base64-decoded dll


Avatar
abuse_ch
Malware dropped as base64 encoded payload

Intelligence

File Origin
# of uploads :
1
# of downloads :
279
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/439601/
Detection(s):
SecuriteInfo.com.Variant.Tedy.407208.31527.7708.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed packed
Link:
https://www.filescan.io/uploads/64c8f8743d0bb8484a8a3c97/reports/7856eb61-ec48-41ea-9dbf-85728ccbaf37/overview
Verdict:
Malicious
Labled as:
Tedy.Generic
Link:
https://www.hybrid-analysis.com/sample/f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/fce261f8-1e00-4600-9687-0d8da2eac503
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1283716
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Execute DLL with spoofed extension
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1283716 Sample: 1690892347caab5620f256b860c... Startdate: 01/08/2023 Architecture: WINDOWS Score: 60 15 Multi AV Scanner detection for submitted file 2->15 17 Sigma detected: Execute DLL with spoofed extension 2->17 19 Machine Learning detection for sample 2->19 7 loaddll32.exe 1 2->7         started        process3 process4 9 cmd.exe 1 7->9         started        11 conhost.exe 7->11         started        process5 13 rundll32.exe 9->13         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7d64brwoikxnhivenae5tjcy2dbcvcdvpxy4f6v4u33vobehjtoa._file
Verdict:
malicious
Similar samples:
08f99aa27cbedd18401cfae07c7dd2e79966c6f63777fb95bc7a73c5cad5a537
181c961adb5e3152a9384f18a7fecdc0574a311640434b1a98b3b514311ed645
2ad4c4f27ff93553beebc1e426bd73cb6415c88bb233442fdc727de557a95c2d
bd8c4eb8ae0047367c1d20d2132d3a2fe2bdf0d197001ea4ecaa3816d59c84e9
d5a06a6691aef83da53dc517b8bb6005f7477c1264e6aa76da11f9a3f55d3d7b
e7381cc97a46b747466b313387a75b99c21aac2ee4d0405323d97dc364bd4202
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230801-phrlvsfg29/
Unpacked files
SH256 hash:
f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc
MD5 hash:
897ea2bcfcc78408e4beea68b3be622a
SHA1 hash:
d1d73205372f82f286461797c707ead6468be94a
Link:
https://www.unpac.me/results/61a9a6e6-c6a6-4056-b638-ceb1267a5d07/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Java Script (JS) js caab5620f256b860cb9d75afcee61cc0c2d9f4b082014d9eba8b38a6f1dc90e2

DLL dll f8fdc0c6ce42aed3a2a46809d9a458d0c22a88757df1c2fabca6f75704874cdc

(this sample)

  
Dropped by
SHA256 caab5620f256b860cb9d75afcee61cc0c2d9f4b082014d9eba8b38a6f1dc90e2
  
Dropped by
MD5 60d72f47bc4b0111b9c685fe0afd3d8e
  
URLhaus
https://urlhaus.abuse.ch/url/2694876/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/439601/

Comments