MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1b520e4dea36830a94a0c4ff92568ff8a9f2fbe70a7cedc79e01cea5ba0145b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1b520e4dea36830a94a0c4ff92568ff8a9f2fbe70a7cedc79e01cea5ba0145b0
SHA3-384 hash: 2ebb5df6ebc409d09370d0f8165485dd5dd86b900bfa165e7da09cd7353f5619a4f01d5c4c8ff59e66676eac9be2da15
SHA1 hash: c13d0d669365dfaff9c472e615a611e058ebf596
MD5 hash: 01d8305b91524d83ccf2c26c1b3b7f1f
humanhash: hotel-romeo-bulldog-robert
File name:COVID-19 travel restrictions EU reviews list of third countries.exe
Download: download sample
File size:284'160 bytes
First seen:2022-03-23 13:10:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3dc55badccfd56f8cf3956b8b4ac055d
ssdeep 1536:12gJsu0QK6wYaEaclsMBcOcX5sWjcd8FwbqhM5CJkbCF1S:cLl6wQNbcXG+muM54Fo
Threatray 6'542 similar samples on MalwareBazaar
TLSH T1345482C0BB8ADC3BF494B534A6448120BD9EBFE5F9E24ACE259CF64A053178155F0D2B
File icon (PE):PE icon
dhash icon 74f4e4cceac2c4dc (7 x AgentTesla, 6 x AveMariaRAT, 3 x CobaltStrike)
Reporter Jirehlov
Tags:exe KorPlug

Intelligence

File Origin
# of uploads :
1
# of downloads :
204
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/256637/
Detection(s):
SecuriteInfo.com.Variant.Doina.31165.3947.30715.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching a process
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/10885/overview
Behaviour
MalwareBazaar
CallSleep
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
cmd.exe greyware shell32.dll
Link:
https://www.filescan.io/uploads/623b1cbfb94fb38cb4d93c18/reports/1a315cdd-8181-4696-b561-f2b596ce9f48/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/963354
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1b520e4dea36830a94a0c4ff92568ff8a9f2fbe70a7cedc79e01cea5ba0145b0/
Threat name:
Win32.Trojan.Korplug
Create hunting rule
Status:
Malicious
First seen:
2022-01-26 11:09:10 UTC
File Type:
PE (Exe)
Extracted files:
47
AV detection:
21 of 25 (84.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
04fff548a2cd1d270da29dce776527f4a110fe9f8cbd80a49a39c40c55a47202
21a0f3536653eeaf96882f8b0ae61f7c203c57dc63da796dea0e8c43b47718b2
3e5f6d4c95535ba760f122c2dee3374850bd5c0587ebdd3adde2f52ce11c856c
4403f7b906a99f50c9d42c8d24b03e9daf0afdc52814e067c931411e41f1c7eb
5fcf5f6ab5218cdcc5745e391ff77ec1e7769134048c9f8432f1325f3c59dd5f
7010e15402dd81b0e1501490be034e92dc706ba28c38b6925dbd33e9ff45a5ad
8f7ecd2daaf1928bdcb388f57bc5f02874eee217f02e0bf4ce06d6566b97283e
a0fb8417720da120c09f19ad62030bf1dc7f51b74326582f2f9d4488d426a800
effd63168fc7957baf609f7492cd82579459963f80fc6fc4d261fbc68877f5a1
+ 6'532 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/220323-qex5xabagk/
Behaviour
Runs ping.exe
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Unpacked files
SH256 hash:
1b520e4dea36830a94a0c4ff92568ff8a9f2fbe70a7cedc79e01cea5ba0145b0
MD5 hash:
01d8305b91524d83ccf2c26c1b3b7f1f
SHA1 hash:
c13d0d669365dfaff9c472e615a611e058ebf596
Link:
https://www.unpac.me/results/0aa8951c-cb54-4c06-90fa-b066f470b032/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1b520e4dea36830a94a0c4ff92568ff8a9f2fbe70a7cedc79e01cea5ba0145b0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/
Cape
Cape
https://www.capesandbox.com/analysis/256637/

Comments