MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YoungLotus


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42
SHA3-384 hash: ee7bb816f9b4bad72e3f8c9a8e32e724c83a3dcc149c7b8db8b3186715c616edddeabd99cda06eae25021a5853c1e271
SHA1 hash: 92b511f6a2dc3d9ce749b50122ab633a978c3759
MD5 hash: 2c3c5b6f3781e43f1732f8cfa47781c2
humanhash: island-november-high-network
File name:hpqhvsei.dll
Download: download sample
Signature YoungLotus
Create hunting rule
File size:929'280 bytes
First seen:2021-02-12 08:57:23 UTC
Last seen:2021-02-12 11:00:28 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 1c7e6223b16bbee134582bfa1fca4130 (2 x YoungLotus)
ssdeep 12288:OGn/eW8j2gQx9E0Ye8xJT56z0FNImlIfMi+v7zJYOJxk:1fgQ80Ye8xJAzH+v7z6OPk
Threatray 11 similar samples on MalwareBazaar
TLSH 23154B91A682903EE4BB3F321C74B6B21F6D79A03B6697D3134416321FA52C1EE31F56
Reporter r3dbU7z
Tags:dll younglotus

Intelligence

File Origin
# of uploads :
3
# of downloads :
133
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116897/
Detection(s):
PUA.Win.Adware.Domaiq-6840275-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/606617
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 352340 Sample: hpqhvsei.dll Startdate: 12/02/2021 Architecture: WINDOWS Score: 60 17 Antivirus / Scanner detection for submitted sample 2->17 19 Multi AV Scanner detection for submitted file 2->19 21 Machine Learning detection for sample 2->21 6 loaddll32.exe 1 1 2->6         started        9 loaddll32.exe 1 2->9         started        process3 dnsIp4 15 43.254.217.187, 1521 CLOUDIE-AS-APCloudieLimitedHK Hong Kong 6->15 11 rundll32.exe 6->11         started        13 conhost.exe 9->13         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 14:40:41 UTC
AV detection:
29 of 48 (60.42%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
YoungLotus
1876e6fe34192e24fcb2245199c99a6735a6424151044564506b14bd670e1f91
YoungLotus
2addf0687e15d5da150548c7dd1d27bd3138b8ed464e0fe8cc6d091e34842ed3
YoungLotus
5e5f8efd6ced3f58cc5212b0f68a8badb9419b87a99fa1683ecc2f49e5103c1d
YoungLotus
66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b
YoungLotus
695dbd8c8d80719168bb3987b62fa5348f480ce00f4afbe54efae3a647fc2552
YoungLotus
97a6d37991a271facf6254ac7e4f4072bb3718cdc01c2fc8d92e3953a3f8b453
YoungLotus
b0e5fe8c3639e8e3777da2130157bb13b2ee8c99bd4929ed2d245e49ccee19c4
YoungLotus
bda9ac7c976d4077921a53b7b178aa402254d9e1e81a3eb7a5cc462982df9f0e
YoungLotus
d05821af6ec028f7f37738d83f4628e7dfbee77f7603478a5c13da68744794d9
YoungLotus
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210212-nzqlf9n4ka/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
448a7c23ef214047b78a45504d8e90c66f88a06c7c6ae6994de76c1ea86e73cc
MD5 hash:
764ce39378bdb778a1e72db11f23d556
SHA1 hash:
bcc632174d7d837d239707e5f5eff44a9876b287
Detections:
win_younglotus_g0
Create hunting rule
win_younglotus_auto
Create hunting rule
Link:
https://www.unpac.me/results/27b6ac5e-0128-4411-948e-e183d35c030b/
Parent samples :
1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42
b65776ee765163d76689852aa6e04a614663c762a2ffca103f5faa4cdb5759fd
b2fb16cdb1700f495f93d93ff1ec622581c0e829f617932767cd926dbaee6d76
5bfa97b6f9a50bd8062d57b59590dfc0ae18b2b810d102e41c40042a253b8168
7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7
fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa
SH256 hash:
1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42
MD5 hash:
2c3c5b6f3781e43f1732f8cfa47781c2
SHA1 hash:
92b511f6a2dc3d9ce749b50122ab633a978c3759
Link:
https://www.unpac.me/results/27b6ac5e-0128-4411-948e-e183d35c030b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_younglotus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/116897/

Comments