MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee
SHA3-384 hash: c0f500fae0b00f32e4dc3fdab0df0d05e4324170870ec4625df213d94d3bb25e96ac3f16fa78f5a166462e68ff4ad585
SHA1 hash: 85b797e641b9481f75c2142e7fd4b9b911145e3c
MD5 hash: 240f43d3b7b72cbab39d1b5cb49dc759
humanhash: alaska-summer-arkansas-nebraska
File name:SecuriteInfo.com.Trojan.MulDrop12.10043.1891.32479
Download: download sample
File size:15'343'454 bytes
First seen:2020-08-05 00:34:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c4c69111630d8599dacdb4710373322 (2 x ValleyRAT, 1 x CoinMiner)
ssdeep 393216:bi66R0E79sxL5pSZ1WxABbJ0Txsq0P0nToWzLVF:bidA5pbxA1STmP0EWD
Threatray 28 similar samples on MalwareBazaar
TLSH 08F633C1E4D163CDE523E0F04B76ED34D466ECECA90A844B06EDED2B797369B244906E
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Upx-48
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

PUA.Win.Packer.Upx-6
Create hunting rule

PUA.Win.Packer.Upx-4
Create hunting rule

SecuriteInfo.com.Trojan.MulDrop12.10043.1891.32479.UNOFFICIAL
Create hunting rule

PUA.Win.Packer.Armadillo-65
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Forced system process termination
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Creating a file in the %AppData% subdirectories
Creating a window
Launching a process
Sending a UDP request
Connection attempt
DNS request
Sending an HTTP GET request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.spyw.evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/410062
Signature
Contains functionality to compare user and computer (likely to detect sandboxes)
Contains functionality to infect the boot sector
Contains functionality to register a low level keyboard hook
Contains functionalty to change the wallpaper
Searches for specific processes (likely to inject)
Sleep loop found (likely to delay execution)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee/
Threat name:
Win32.Trojan.Graftor
Create hunting rule
Status:
Malicious
First seen:
2020-07-18 20:54:29 UTC
AV detection:
19 of 29 (65.52%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
4e8f1cfc39def8ec0ae1bd1a40636cdf68afa5a73a8f221d646edc5897b1eca7
5ecae17b09c610045bcd3d9daec1b89178b4b1e6cdb9d0a50285166888087d71
6269fd417f93e7c0d7cab576b35dc3b6f6a58c0f04e75533bad84987c228f0e6
77d83370f3109b9a0c199c60870edd92184c170abfc2f1817cd625245fcfae10
ab6bbb348634bfb3df677d9b6c1c9ae03d1fe404847cb2e688ad88d978f67188
bc87f6ec38d359fdd4ddf35c345e4e82dc1235c3fc3e9fbb38df5ff778448375
d4898d4aec91b789a3abb2d9e103eb1111d783a05a119ef7d1db9ab3811a79c2
e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272
e7d2deba4fccbea79ffa209ebe0ce49f98aecfb340c8d6ec3ea1773cb12cb07e
e9056b5596854e3473033e3b28577c83a70f1b5be20e4b1cf529688ad7591b70
+ 18 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/200805-xz4w2den46/
Behaviour
UPX packed file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Cryptor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 82bb3e9ec03f5237ed521effee5b1825b59e31be522e71a05c129676e60839ee

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/424543/
  
Delivery method
Distributed via web download

Comments