MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6689bb01faa4b79ccbf36e24360b14f2ee181d2bf305b7ca59fd275109e92dc1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Lucifer


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6689bb01faa4b79ccbf36e24360b14f2ee181d2bf305b7ca59fd275109e92dc1
SHA3-384 hash: 8dd83ba36c3bf23db6ceaa37085226ba0eeaade1271a7535833346703439d1cbcaad4ff00dae262707de5f1d90ffcb22
SHA1 hash: e87423ba179c4cd16dc40110f9efeadea7f329cf
MD5 hash: 85d7b39bb88697ed93bd74c516f672cf
humanhash: cardinal-oven-football-thirteen
File name:85d7b39bb88697ed93bd74c516f672cf.exe
Download: download sample
Signature Lucifer
Create hunting rule
File size:661'504 bytes
First seen:2020-05-27 11:40:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 82ee847d3412bd91ec2252cf3901e308 (16 x AgentTesla, 4 x Loki, 1 x NanoCore)
ssdeep 12288:xi8qmDnPyX8ylwhz8n4l7OUrYqYwYTtlNdUJIP0p/vae:4BeyXKx8n4IUrWtVQlpHX
Threatray 1'901 similar samples on MalwareBazaar
TLSH ECE48DDEE2E04832F1671A3D9C0B97B4582EBE10292869466BE4DD4C9FF938D3D35193
Reporter abuse_ch
Tags:exe Lucifer


Avatar
abuse_ch
Lucifer C2:
http://193.142.59.18/pettz/doc.php

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Injector
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 12:35:52 UTC
File Type:
PE (Exe)
Extracted files:
274
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
08f7d226c61cc7f24dfc55909238659ddf5c09f47127f348322c2d8636cdca1c
Lucifer
0f455b48c43367bf28076037a2d441e78f81143ea5067f144e7d5c6abb79dc73
Lucifer
391ea7416464160ef2c7471149d584e4ae9cbd9fa2062cd4319481db7cf82cf3
Lucifer
6480d0d4232a23159e754ab88769b21a48e8bc4a86fa84b99c2160b2bfb09244
Lucifer
7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51
Lucifer
7765882da3fa82551473e15f93716036e185b9d88f153fbb1566897dc0f52673
Lucifer
7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
Lucifer
b44ef73bf2306886ca92291cbbdc5b0d07d6878f9a1b3c84ce476ca69cc4532e
Lucifer
e6628501ee0344c1e6c7adc92944f5ddc7c784c1ac6278bdd7b66164b01707d3
Lucifer
f0d6e0d054cdb2a4795f1aa9761613d3dd829ca5529e63b93b75c12c2554507c
Lucifer
+ 1'891 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201109-fp59shg35a/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Lucifer

Executable exe 6689bb01faa4b79ccbf36e24360b14f2ee181d2bf305b7ca59fd275109e92dc1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/365985/
  
Delivery method
Distributed via web download

Comments