MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0af71b99fba0fa729581578b23177f7cdd587b8188725316954acef07d6b6c99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	0af71b99fba0fa729581578b23177f7cdd587b8188725316954acef07d6b6c99
SHA3-384 hash:	e15cd6602082405fc1193ab6e771d4796059af0718ddfd84d513ea22549fd9cc8549010a3ae50efcd8ce6c79e6ce50d2
SHA1 hash:	2bf74bc4f5d023ba61e4e2fd93b07406b85208ce
MD5 hash:	358e30faa200c4520329e6c7fbee3917
humanhash:	paris-zulu-saturn-alanine
File name:	a50c994a6fdf1e27d941874a3533f72f
Download:	download sample
File size:	385'026 bytes
First seen:	2020-11-17 14:13:36 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b71ae52e8715ee7bfaa0c9df227db54a
ssdeep	6144:Uv+GmjHzW3U9LcUpesjUaj0W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:65mHH9Wxc0npM4dl0v5JF
Threatray	83 similar samples on MalwareBazaar
TLSH	1284BE4A737C7D46F97D323725BFB235A9D29A066D25E00E231C87CB4963D33889B921
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Packed.Razy-9786051-0

Win.Packed.Razy-9787418-0

Win.Packed.Razy-9789483-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching the default Windows debugger (dwwin.exe)

Replacing executable files

Creating a window

Moving of the original file

Deleting of the original file

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0af71b99fba0fa729581578b23177f7cdd587b8188725316954acef07d6b6c99/

Threat name:

Win32.Trojan.Glupteba

Status:

Malicious

First seen:

2020-11-17 14:15:18 UTC

AV detection:

26 of 28 (92.86%)

Threat level:

5/5

Verdict:

malicious

09afae7f6d16eccb54b77079119c4e18ac3470d6528fe5fbbd513e79d24b2223

1393b26f14c305a285550d0020350f1710842bf8877337585c5016c30af393ab

37e4905b2ec87a3a30549d0202702eac2e4f8516195057846aacabd6469f4ce5

7cf2783daac9a0f94a2a7a7b9ddcfc53614042aec946718cf7bcd1a3e491c1a0

83b7795882150edb696797caf7164ada02b8818b5725457e8f198e58564710df

a5062f91de393ec4ef3d88d42a44948985d0ecf0dbc8f76f3a6ff92d279598d5

af9eb9e3503b1611d4c16861d860597c2e816e1971b4b6332d7ba202ea9b2594

c3fc242f919ef27d4c58f6ca5054050513f63c00be0b8136cef28d1f04344d31

fc1b51106633fe605d248dcb477e7533293e95b2d3e8fac9f4f6ac52130e8bb8

+ 73 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

9/10

Tags:

n/a

Link:

https://tria.ge/reports/201117-bjyw2vkhwx/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Suspicious behavior: RenamesItself

Suspicious use of UnmapMainImage

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Program crash

Deletes itself

Loads dropped DLL

Executes dropped EXE

ServiceHost packer

Unpacked files

SH256 hash:

0af71b99fba0fa729581578b23177f7cdd587b8188725316954acef07d6b6c99

MD5 hash:

358e30faa200c4520329e6c7fbee3917

SHA1 hash:

2bf74bc4f5d023ba61e4e2fd93b07406b85208ce

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

SH256 hash:

f6034a4227328ba93b5cc4092fdd623c6d7986c50b832b7c489a05deb7c86e65

MD5 hash:

964cb12c0ebadb541197e15e46727857

SHA1 hash:

91dbc7b0c726e47756f9a898c85ea2fd17abf48a

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

SH256 hash:

f045ee52209b97809f157159b4f0b0acb96a4ad8c88ccac126342726f148b2ca

MD5 hash:

e50a7d584c3072d164ca47778354b429

SHA1 hash:

07f147cbf132e1df28878c1272ea012eb33eee8b

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

SH256 hash:

e6da833484b10743c7d2f68a321295235e202e5d181d63f0498f091ce53c9730

MD5 hash:

178bdb8d1b8ea07c2ea840b77b4192e8

SHA1 hash:

57e8d480b4c6843c6cd5430f5735b602b4ff6762

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

SH256 hash:

2487ca5348ec5904e75e23d514650a19cf699ea54c669a7c853e61b98c29a6f2

MD5 hash:

c7b05bdcd5294299ca53d148d1d62a23

SHA1 hash:

73cd1ae77ea7908aedc77bb56f045b99c315d928

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

SH256 hash:

1a13140d7d2b24ac331d3462edb491177a54d726887d6f53f98d6c448ca19a7a

MD5 hash:

b34576d79bb6be72653cc3ccd3727970

SHA1 hash:

b67742b5d97f03922accd92d255c701b88877048

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

SH256 hash:

dddac9cacfc78e1652b0010c4806f22d16e5abc867e3c8dc5463dadff2881792

MD5 hash:

80ead838038a6cb8a90ed1ed4ff30d46

SHA1 hash:

c6b67f2c8ee19b6d8d274c3f3347b35fdf42a3b7

Link:

https://www.unpac.me/results/7bd9f5b5-4ddf-4235-83e1-204d10f5e981/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0af71b99fba0fa729581578b23177f7cdd587b8188725316954acef07d6b6c99

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample