MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09afae7f6d16eccb54b77079119c4e18ac3470d6528fe5fbbd513e79d24b2223. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 09afae7f6d16eccb54b77079119c4e18ac3470d6528fe5fbbd513e79d24b2223
SHA3-384 hash: dc5c16db74bface8315cdc15d4222d256d9ae21566a3e1aa8ed5d2d81b55b659940457864037f23ed18f455463f3a836
SHA1 hash: 879a6d4f7954a9fafd06bd3fe60a99858a4192ab
MD5 hash: a236185351074c462676234f27af1de2
humanhash: comet-delaware-yellow-diet
File name: a236185351074c462676234f27af1de2
File size: 192'513 bytes
First seen: 2020-11-17 11:24:26 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash b71ae52e8715ee7bfaa0c9df227db54a
ssdeep 3072:ZxU+l3ElPv9/Zl7kjsIhGvsMUPAZgp80PYKWbjhpInh/RL5jR9svZU:ZxP3KXNnIjsIovsLu4fOjh+LBRSU
Threatray 15 similar samples on MalwareBazaar
TLSH 1D14ADA039708C11ED1FB5377AB5462DFD883EA5AB79EE3A18306547CAF122C7909DD0
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Result
Verdict: 0
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-07 18:34:25 UTC
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments