MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f
SHA3-384 hash: e6b1b776758cfc52d092364d1a5998e41ceb41e80d7ec4e8b54d212770875ad2e6c3fad2fbbba2d2478c8d830c1e30ce
SHA1 hash: 5b2d2cd32cdf315be5d94887fb544fa6685335fc
MD5 hash: d9cb41f4223ec0b868545499f79a91b7
humanhash: delta-lion-sink-mockingbird
File name:d9cb41f4223ec0b868545499f79a91b7.exe
Download: download sample
File size:927'744 bytes
First seen:2020-12-02 15:33:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 095ede60e06329885131e92fa8266e38
ssdeep 12288:B328MMX56RRLIWi+4H0pKsKapJRU+jLt10Z51WR6/9P057syOi6:JXNCQxsRpzUkC/9Pcsni
Threatray 8 similar samples on MalwareBazaar
TLSH 9915AE3CE7069817F2AC2BB062E36B1535329CE47261011A96B35FDE3D967B87E17780
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106431/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/553755
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 325976 Sample: s4015Iy6eQ.exe Startdate: 02/12/2020 Architecture: WINDOWS Score: 92 33 Multi AV Scanner detection for domain / URL 2->33 35 Antivirus detection for URL or domain 2->35 37 Multi AV Scanner detection for submitted file 2->37 39 2 other signatures 2->39 7 s4015Iy6eQ.exe 15 2->7         started        process3 dnsIp4 31 4cnx9s25gsvw.top 7->31 41 Detected unpacking (changes PE section rights) 7->41 43 Detected unpacking (overwrites its own PE header) 7->43 45 Contains functionality to detect sleep reduction / modifications 7->45 11 cmd.exe 1 7->11         started        13 cmd.exe 1 7->13         started        15 cmd.exe 1 7->15         started        signatures5 process6 process7 17 conhost.exe 11->17         started        19 reg.exe 1 1 11->19         started        21 timeout.exe 1 11->21         started        23 conhost.exe 13->23         started        25 reg.exe 1 1 13->25         started        27 conhost.exe 15->27         started        29 timeout.exe 1 15->29         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-12-02 13:13:45 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
100f3322fa66d60cb9a64e2cbcceb0a9558e65e600526fcbc25852d62940c7ea
19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f
3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b
3461afe65091162758a5b7674b8ed0dfa30aab0872208172254abbeb1865c421
854d167ff218c5caa012baaa7bb80a2bfdd1ec9c4c6b3a66bef57240ade29422
8c68f921d6184b60b0677a50f79bb0131b837e04589ffb72ab50b2517001e793
e5b440a826d14744df920514f027f0871f84292d83b95b731eadfe3165117448
f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201202-7v3mq2c5e6/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: RenamesItself
Program crash
Unpacked files
SH256 hash:
26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f
MD5 hash:
d9cb41f4223ec0b868545499f79a91b7
SHA1 hash:
5b2d2cd32cdf315be5d94887fb544fa6685335fc
Link:
https://www.unpac.me/results/22479ce6-c463-471b-8e14-ea4f9fa21bab/
SH256 hash:
59c92d833cc87db3d81c870977bce1a50f3408c98c574b8e0b3a241fd55a7c28
MD5 hash:
f339fd4aa72de137efb35668768a2b89
SHA1 hash:
9686d7cbb04bbfb5ad672b5b4e4b788ab5d29db8
Link:
https://www.unpac.me/results/22479ce6-c463-471b-8e14-ea4f9fa21bab/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.34
Link:
https://yomi.yoroi.company/submissions/26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/852807/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/106431/

Comments