MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5



SHA256 hash: 19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f
SHA3-384 hash: c7fa7f80407ece8ecb55274af3a8695b010bec114aaa0c0fc20e4e2043b8e64e76db1e7c544348bc857e5d53021fc1ef
SHA1 hash: f476e5ca0630b595a0aa3db0dc1ba083a4eae56a
MD5 hash: 8c1894f9775c67ae2fb2bc2ed7af6332
humanhash: early-ohio-enemy-crazy
File name: SecuriteInfo.com.Mal.EncPk-APW.18663.22850
File size: 840'704 bytes
First seen: 2020-11-25 13:39:47 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 83a89b747c6a4b00f074dbed6d2ecf6c
ssdeep: 12288:Ou2MzBQXwIXQEsTEdZHyDBvDVnC6AK6/wi79+QPe:ORM0vXQE4/BLk53wiQ
Threatray: 3 similar samples on MalwareBazaar
TLSH: A2059EBDD306F016E1EC1B7052E36B56363348E43262100A86F15FDE7E9A3A67E1BB45
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 84 / 100
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph (ID 322597)
Sample: SecuriteInfo.com.Mal.EncPk-...
Start date: 25/11/2020
Architecture: WINDOWS
Score: 84

Network nodes (DNS/IP):
- g.msn.com (contacted from the root node)
- 4cnx9s25gsvw.top (contacted by SecuriteInfo.com.Mal.EncPk-APW.18663.exe)

Signatures attached to the root node:
- Multi AV Scanner detection for domain / URL
- Antivirus detection for URL or domain
- Multi AV Scanner detection for submitted file
- 2 other signatures

Signatures attached to SecuriteInfo.com.Mal.EncPk-APW.18663.exe:
- Detected unpacking (changes PE section rights)
- Contains functionality to detect sleep reduction / modifications

Process tree:
SecuriteInfo.com.Mal.EncPk-APW.18663.exe
  cmd.exe
    conhost.exe
    reg.exe
    timeout.exe
  cmd.exe
    conhost.exe
    reg.exe
  cmd.exe
    conhost.exe
    timeout.exe
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-25 11:23:22 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: RenamesItself
Program crash
Unpacked files
SHA256 hash: 19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f
MD5 hash: 8c1894f9775c67ae2fb2bc2ed7af6332
SHA1 hash: f476e5ca0630b595a0aa3db0dc1ba083a4eae56a

SHA256 hash: 5168be6a5c3b8f37a3644001d58f0abc6277b33e028423c10592eb53e7360c12
MD5 hash: 400141f8632c84b6ac2486d336b31913
SHA1 hash: 0855174fc7bf836d56d43063f83b2db445de9599
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
File: Executable exe 19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f (this sample)
