MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05120de86620e0480b31518890f08c9bf085559ca566630ac5a17439984475ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 05120de86620e0480b31518890f08c9bf085559ca566630ac5a17439984475ff
SHA3-384 hash: 494da754a22b8f7362d0bf1cb774cafc9193520055d7c036a10f981f4fc9eb8f9e36773b85b4d05a2577a551d7639f2d
SHA1 hash: b354bff48359925f20bd424cd41d90118c788895
MD5 hash: 259adb6683b9f8872543a586f3e77fe0
humanhash: burger-mountain-black-magazine
File name: a1fad02e692bc29158dc63009358f807
File size: 192'513 bytes
First seen: 2020-11-17 12:46:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b71ae52e8715ee7bfaa0c9df227db54a
ssdeep: 3072:15gbe/vX9WWRjD/Q8JH14tlgMOhhgrShnzRJ2k5O8dpFN4YsjQ+uKwIvZU:1S+X9HRPxmCcrSxR5OSBl1K7U
Threatray: 41 similar samples on MalwareBazaar
TLSH: 4E14AE11B260E847EA2D337259B902E5ADD3FB576D37F45F691C668B033A89912F8303
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 74
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 12:51:16 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments