MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 08e12f6b9796ad1f47062ea86ec73c496028660f61a9917008cce9004fb1d48b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Vilsel

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	08e12f6b9796ad1f47062ea86ec73c496028660f61a9917008cce9004fb1d48b
SHA3-384 hash:	445f59da23221809ad79eff877ed8ff3b2d023360ff293d0431e6331a000f8fad25ccac3649332532679d7aae0aa8b67
SHA1 hash:	2d4419796833fbbf827788744e38d245c8667cf6
MD5 hash:	746b20d80f17dbc9a8fb8a44b648d9a6
humanhash:	california-bulldog-arizona-mirror
File name:	746b20d80f17dbc9a8fb8a44b648d9a6
Download:	download sample
Signature	Vilsel Create hunting rule
File size:	73'936 bytes
First seen:	2020-11-17 11:20:18 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	1639b1e17656fed4f63bac94cbb79cec (17 x Vilsel)
ssdeep	384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2A:ipQNwC3BEddsEqOt/hyJF+x3BEJwRrs
Threatray	5'056 similar samples on MalwareBazaar
TLSH	1773D643B792C680F5496179688387A96793FD71AE037A075150FF3F3AB39A04E91F22
Reporter	seifreed
Tags:	Vilsel

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Vilsel-4621

Win.Trojan.Vilsel-4622

Win.Malware.Vilsel-6804257-0

Win.Malware.Genpack-6989317-0

Win.Dropper.Razy-7605528-0

Win.Trojan.VB-61415

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Creating a file

Enabling the 'hidden' option for recently created files

Creating a file in the %temp% directory

Enabling the 'hidden' option for files in the %temp% directory

Moving a recently created file

Replacing files

Deleting a recently created file

Searching for the window

Creating a process from a recently created file

Creating a process with a hidden window

Creating a file in the Program Files directory

Creating a file in the Program Files subdirectories

Creating a file in the Windows directory

Creating a file in the Windows subdirectories

Changing the Windows explorer settings to hide files extension

Changing the Windows explorer settings

Blocking a possibility to launch for the Windows registry editor (regedit.exe)

Enabling a "Do not show hidden files" option

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/08e12f6b9796ad1f47062ea86ec73c496028660f61a9917008cce9004fb1d48b/

Threat name:

Win32.Virus.Lamechi

Status:

Malicious

First seen:

2020-11-06 21:11:00 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Verdict:

unknown

Result

Malware family:

n/a

Score:

10/10

Tags:

evasion

Link:

https://tria.ge/reports/201117-yw5m1l4d9a/

Behaviour

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System policy modification

Drops file in Program Files directory

Loads dropped DLL

Disables RegEdit via registry modification

Executes dropped EXE

Modifies visibility of file extensions in Explorer

Unpacked files

SH256 hash:

08e12f6b9796ad1f47062ea86ec73c496028660f61a9917008cce9004fb1d48b

MD5 hash:

746b20d80f17dbc9a8fb8a44b648d9a6

SHA1 hash:

2d4419796833fbbf827788744e38d245c8667cf6

Link:

https://www.unpac.me/results/1bc09118-9d1b-4928-ba97-05f2822dfc7d/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample