MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f
SHA3-384 hash: 2c1dc8d5fec84d6609ea5b66c51da4f8b7b3795ff24dfd5b0ea02b647f63734edbd89d05a0db368f3b696057d85c350c
SHA1 hash: 7c8bf4b4170cffc925e665e1783fefd14086eecd
MD5 hash: 900f7184a3494fdbf9ad188992cd7e65
humanhash: nebraska-berlin-charlie-maryland
File name:168881286548c3854a498d317a6c0c080fcf3524a92b4f3832f0fdd9481818deaff1153c46437.dat-decoded
Download: download sample
File size:12'800 bytes
First seen:2023-07-08 10:41:12 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep 192:3YGOIruk52TfT04H98+cBhGOnT1Vu4IW1CnhsJgQHs0gFfEFKXrdzLuoHE:3xOc0T1dhcOqVu3nhqdsJvXrUoHE
Threatray 120 similar samples on MalwareBazaar
TLSH T1A042E92967E84778EABEAB379C7191500672FE09DD23DF7D09E095190E732048EE1F26
TrID 35.4% (.EXE) Win64 Executable (generic) (10523/12/4)
22.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.1% (.EXE) Win32 Executable (generic) (4505/5/1)
6.9% (.ICL) Windows Icons Library (generic) (2059/9)
6.8% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter abuse_ch
Tags:base64-decoded dll


Avatar
abuse_ch
Malware dropped as base64 encoded payload

Intelligence

File Origin
# of uploads :
1
# of downloads :
264
Origin country :
DE DE
Vendor Threat Intelligence
Detection:
DLAgent09 Downloader
Create hunting rule
Link:
https://www.capesandbox.com/analysis/411921/
Detection(s):
SecuriteInfo.com.Variant.Zusy.473104.11583.23775.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-vm cmd lolbin lolbin packed replace schtasks wscript
Link:
https://www.filescan.io/uploads/64a93d7e9bd9f933fbb8f2f2/reports/ea76222a-5199-4889-a97c-f5fab87e77c3/overview
Verdict:
Malicious
Labled as:
Zusy.Generic
Link:
https://www.hybrid-analysis.com/sample/fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/4389c646-a0e8-4905-b20b-6a7cb54bf36f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f/
Threat name:
Win32.Trojan.Zusy
Create hunting rule
Status:
Malicious
First seen:
2023-07-08 10:42:07 UTC
File Type:
PE (.Net Dll)
Extracted files:
1
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7osvwni674kvgooxsvguq4wszj7hvvguiwwli7grgq5udeyjv4xq._file
Verdict:
malicious
Similar samples:
4364a60cc5f7039a24528452680648850d7b3f434c25892d1b3b5e5aa14898fb
6c798312f1aa6826f5e1dcc49ae54d4011d0e28245b3e6be0803dfd4381c6acb
77cc8d160dfa2efa3a75e52a620e3f8a6cc2665e94ed56aa1ddd97a61b59a5d1
888dc17f63eb7b61713327994a126c3ce5ca2b69e2643c8f6b7caa34235e972f
8cd29838aeae1b19c74a19a1a8e1682dbe55fa82586706d9d640485274244ec8
8ea0725c12db093e1fdb832954d88c79e17cca9557360173154d5e6ca278b80e
a2818335c97356215ddb1e92fff59fe0f431eeffe99d423399989602b59aafd9
a91bc84dd26784dc82b1ee55b50dc3016738a09fa0f6cdd22ad053bc00dfa016
aa56138ede83b2313cffd1ac5a973cdce0ecd91a1140b8bbd28efa6685ff3e9c
fc8c983c70303955fbbf53be566a1e573a231e2d38aaeaee4ed30a064a1bf172
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230708-mrnkfsec83/
Unpacked files
SH256 hash:
fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f
MD5 hash:
900f7184a3494fdbf9ad188992cd7e65
SHA1 hash:
7c8bf4b4170cffc925e665e1783fefd14086eecd
Link:
https://www.unpac.me/results/aa699d40-636a-4c92-b618-9633960e8c90/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:extracted_at_0x44b
Create hunting rule
Author:cb
Description:sample - file extracted_at_0x44b.exe
Reference:Internal Research
Rule name:MALWARE_Win_DLAgent09
Create hunting rule
Author:ditekSHen
Description:Detects known downloader agent
Rule name:SUSP_VBS_Wscript_Shell
Create hunting rule
Author:SECUINFRA Falcon Team
Description:Detects the definition of 'Wscript.Shell' which is often used by Malware, FPs are possible and commmon

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown 48c3854a498d317a6c0c080fcf3524a92b4f3832f0fdd9481818deaff1153c46

DLL dll fba55b351eff155339d7954d4872d2ca7e7ad4d445acb47cd1343b419309af2f

(this sample)

  
Dropped by
SHA256 48c3854a498d317a6c0c080fcf3524a92b4f3832f0fdd9481818deaff1153c46
  
Dropped by
MD5 c4c8ea8f8b4f7dfec9619ebb15fb9f74
  
URLhaus
https://urlhaus.abuse.ch/url/2678675/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/411921/

Comments