23c2569a65870a9e412d98d5b3bdc554
Hash
- MD5: 23c2569a65870a9e412d98d5b3bdc554
- SHA1: 91def0a4dd9b35510d7f8897bc114f975a5d7e2b
- SHA256: 159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3
- First Seen: 2025-09-01
- Last Seen: 2026-05-22
-
3
Related Reports
-
0
Related IOCs
Additional Information
MalwareBazaar
{
"query_status": "ok",
"data": [
{
"sha256_hash": "159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3",
"sha3_384_hash": "1ff6f685c10f9f41a703cfe99eb25525d600deb43117a277cb1868fa84a6e824614d574a0366fbaee94391dc052ca039",
"sha1_hash": "91def0a4dd9b35510d7f8897bc114f975a5d7e2b",
"md5_hash": "23c2569a65870a9e412d98d5b3bdc554",
"first_seen": "2025-09-12 11:22:54",
"last_seen": "2026-05-22 15:52:42",
"file_name": "159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3_windows_dpapiloader_sspicli.bin",
"file_size": 418304,
"file_type_mime": "application/x-dosexec",
"file_type": "exe",
"file_format": null,
"file_arch": null,
"reporter": "foxit_srt",
"origin_country": "NL",
"anonymous": 0,
"signature": null,
"imphash": "6bde352c771d4958743bc28245c33758",
"tlsh": "T170946D16F79804B8E0A79238C9774A06E776BC5A0360DBDF13E486666F33BD05A3D760",
"telfhash": null,
"gimphash": null,
"ssdeep": "6144:PgBn6NlE0c6H3vY0bDTn/fqveD2BNww/uqKMR477eew8NR591/Xz5:oBnYY0bDT/fulDwwWARo/Zj",
"magika": "pebin",
"dhash_icon": null,
"trid": [
"48.7% (.EXE) Win64 Executable (generic) (10522/11/4)",
"23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)",
"9.3% (.EXE) OS/2 Executable (generic) (2029/13)",
"9.2% (.EXE) Generic Win/DOS Executable (2002/3)",
"9.2% (.EXE) DOS Executable Generic (2000/1)"
],
"comment": null,
"archive_pw": null,
"tags": [
"dll",
"DPAPILoader",
"exe",
"Lazarus"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": null,
"downloads": "50",
"uploads": "2",
"mail": null
},
"file_information": [
{
"context": "cape",
"value": "https://www.capesandbox.com/analysis/27122/"
}
],
"ole_information": [],
"yara_rules": [
{
"rule_name": "cobalt_strike_tmp01925d3f",
"author": "The DFIR Report",
"description": "files - file ~tmp01925d3f.exe",
"reference": "https://thedfirreport.com"
},
{
"rule_name": "DebuggerCheck__API",
"author": null,
"description": null,
"reference": "https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara"
},
{
"rule_name": "DetectEncryptedVariants",
"author": "Zinyth",
"description": "Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded",
"reference": null
},
{
"rule_name": "golang_bin_JCorn_CSC846",
"author": "Justin Cornwell",
"description": "CSC-846 Golang detection ruleset",
"reference": null
}
],
"vendor_intel": {
"ANY.RUN": [
{
"malware_family": null,
"verdict": "No threats detected",
"file_name": "159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3.dll",
"date": "2025-09-03 10:35:13",
"analysis_url": "https://app.any.run/tasks/7d1eadd6-31ef-4a9b-a877-b5edff453de0",
"tags": []
},
{
"malware_family": null,
"verdict": "No threats detected",
"file_name": "sspicli.dll",
"date": "2024-03-11 12:52:13",
"analysis_url": "https://app.any.run/tasks/2dbf15e2-1f14-4347-a618-eff8a18ea024",
"tags": []
}
],
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "1.00"
},
"vxCube": {
"verdict": "malware2",
"maliciousness": "100",
"behaviour": [
{
"threat_level": "neutral",
"rule": "Sending a custom TCP request"
}
]
},
"Intezer": {
"verdict": "malicious",
"family_name": null,
"analysis_url": "https://analyze.intezer.com/analyses/c68e6c44-0a53-48fd-b66e-e061f61d034f?utm_source=MalwareBazaar"
},
"CAPE": {
"detection": null,
"link": "https://www.capesandbox.com/analysis/27122/"
},
"Triage": {
"malware_family": null,
"score": "3",
"link": "https://tria.ge/reports/250912-rn8hnsyvcs/",
"tags": [],
"signatures": [],
"malware_config": []
},
"ReversingLabs": {
"threat_name": "Win64.Trojan.Generic",
"status": "SUSPICIOUS",
"first_seen": "2024-03-11 14:14:43",
"scanner_count": "36",
"scanner_match": "19",
"scanner_percent": "52.78"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"UnpacMe": [
{
"sha256_hash": "159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3",
"md5_hash": "23c2569a65870a9e412d98d5b3bdc554",
"sha1_hash": "91def0a4dd9b35510d7f8897bc114f975a5d7e2b",
"detections": [
"win_svcready_a0"
],
"link": "https://www.unpac.me/results/9b0076a3-00b3-46cd-8827-523b70546eb9/"
}
],
"FileScan-IO": {
"verdict": "LIKELY_MALICIOUS",
"threatlevel": "0.75",
"confidence": "1",
"report_link": "https://www.filescan.io/uploads/68c42c71dbc6f5a29c420f60/reports/ff0cd3b8-861a-429d-be3e-fbf38b424eb1/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "dll x64",
"first_seen": "2024-03-29T17:34:00Z",
"last_seen": "2024-03-29T17:34:00Z",
"hitscount": 10,
"report_link": "https://opentip.kaspersky.com/159471e1abc9adf6733af9d24781fbf27a776b81d182901c2e04e28f3fe2e6f3/results?tab=lookup",
"detections": []
}
},
"comments": null
}
]
}