MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 081d46c9eae290ad95937c1e87ac2fbae0b345ca7d00a4fe7d5ed8384d200ac7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 081d46c9eae290ad95937c1e87ac2fbae0b345ca7d00a4fe7d5ed8384d200ac7
SHA3-384 hash: 17db04055d36f5dfd74d34da7b7e760b7d27b8c4e2062a83d3eab692fd76d11d245ce0411c1c80e8c45d1aafb94a2c09
SHA1 hash: 0ff2e0829833aa322ac75d1c7d18bc06304fecc7
MD5 hash: 16a784f0bc650f261cc77be66df1bcbf
humanhash: pip-ten-xray-india
File name: 16a784f0bc650f261cc77be66df1bcbf.exe
File size: 351'232 bytes
First seen: 2021-05-27 12:49:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 556bc424bd608c9e064a122699e67eca (7 x RaccoonStealer, 6 x Stop, 1 x CryptBot)
ssdeep: 6144:O6+TdqXlE7/wVIEwg+6TWwxnSks5SzL482DTR9Znk9OGer:O6+Tdqa7oBwg+6HIkGSPO1nYB
Threatray: 177 similar samples on MalwareBazaar
TLSH: DA749E3167E0C039F1F362B449B59379A53A7EE26B3491CF52D13AEA5A316E1AC30743
Reporter: abuse_ch
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 92
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 16a784f0bc650f261cc77be66df1bcbf.exe
Verdict: Malicious activity
Analysis date: 2021-05-27 16:37:04 UTC
Tags: trojan

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
DNS request
Sending an HTTP GET request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 84 / 100
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2021-05-27 07:54:02 UTC
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 081d46c9eae290ad95937c1e87ac2fbae0b345ca7d00a4fe7d5ed8384d200ac7 (this sample)
Delivery method: Distributed via web download
