MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YoungLotus


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
SHA3-384 hash: 3e6551e8fe34cf699db6b2124352fdc8af594dd4830b34a8ace87073688b99add9733a78df5bdf49ed4a50c761f68dbc
SHA1 hash: 37fbcdc20fc34dd8c1b92edca38564dff870de95
MD5 hash: cd0717b9b3bed0a867d1bb336b4e3435
humanhash: artist-mirror-ack-eighteen
File name:194.dll
Download: download sample
Signature YoungLotus
Create hunting rule
File size:158'720 bytes
First seen:2021-02-11 09:38:54 UTC
Last seen:2021-02-11 11:58:59 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 99d0f38cc6436928b989a72725a7e2dc (1 x YoungLotus)
ssdeep 3072:SjHRfBsOxEwETLtnEivJutqGrFwk3hy26zyKLWkG:SjHRpzSwCLtn1k3hy2iyo3G
Threatray 10 similar samples on MalwareBazaar
TLSH 7BF38D00B180C13DE9AF193D0D70F9A50BAEB960DA616ED727E456A91FB45D0DE30FA3
Reporter r3dbU7z
Tags:dll younglotus

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116752/
Detection(s):
SecuriteInfo.com.Variant.Graftor.487949.24384.5413.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending an HTTP GET request
Creating a file in the Windows subdirectories
Deleting a recently created file
Sending a UDP request
Connection attempt
Replacing files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/605589
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2020-07-04 13:50:18 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ae633wxmytzix4ctzylehrfm3smsw5gr7z6vhr3edgriqbg5plea._file
Verdict:
malicious
Similar samples:
1876e6fe34192e24fcb2245199c99a6735a6424151044564506b14bd670e1f91
YoungLotus
2addf0687e15d5da150548c7dd1d27bd3138b8ed464e0fe8cc6d091e34842ed3
YoungLotus
31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778
YoungLotus
5e5f8efd6ced3f58cc5212b0f68a8badb9419b87a99fa1683ecc2f49e5103c1d
YoungLotus
66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b
YoungLotus
695dbd8c8d80719168bb3987b62fa5348f480ce00f4afbe54efae3a647fc2552
YoungLotus
97a6d37991a271facf6254ac7e4f4072bb3718cdc01c2fc8d92e3953a3f8b453
YoungLotus
b0e5fe8c3639e8e3777da2130157bb13b2ee8c99bd4929ed2d245e49ccee19c4
YoungLotus
bda9ac7c976d4077921a53b7b178aa402254d9e1e81a3eb7a5cc462982df9f0e
YoungLotus
d05821af6ec028f7f37738d83f4628e7dfbee77f7603478a5c13da68744794d9
YoungLotus
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210211-kzyj5g1zq2/
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
b53f932d1fa2c37b962461b1484f8020b21018c5b96961ebe643c09569aa78ba
MD5 hash:
14b8dce97aaa08648f51984999b384d4
SHA1 hash:
91fa464eec79111b555b36a141673b71f989d844
Detections:
win_younglotus_g0
Create hunting rule
win_younglotus_auto
Create hunting rule
Link:
https://www.unpac.me/results/f0286460-dc8f-4bc8-a337-f010e58f79ef/
Parent samples :
013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
9f1052a754dc0ff5aa1689b68581b845996b9ee8cb94d4382ceebb0dfbaa0231
SH256 hash:
013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
MD5 hash:
cd0717b9b3bed0a867d1bb336b4e3435
SHA1 hash:
37fbcdc20fc34dd8c1b92edca38564dff870de95
Link:
https://www.unpac.me/results/f0286460-dc8f-4bc8-a337-f010e58f79ef/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:IPPort_combo_mem
Create hunting rule
Author:James_inthe_box
Description:IP and port combo
Rule name:win_younglotus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/116752/

Comments