MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 288a42b03d1409ee289b7aa0896150467dc850fc56661c12d850114acaf88363. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 288a42b03d1409ee289b7aa0896150467dc850fc56661c12d850114acaf88363 |
|---|---|
| SHA3-384 hash: | 1f1ea9ee874a6cdd6882586bac0399ccbb89ddbf4fec5f0b77ecb0f084d3e5dacc41d09383e59fcccece7354ccf3ba89 |
| SHA1 hash: | 7429886345d24ffa8e23e0a257be528612878ba1 |
| MD5 hash: | bac2a5a291b6db5fa477abbf9f6db2ed |
| humanhash: | north-nebraska-coffee-alabama |
| File name: | bac2a5a2_by_Libranalysis |
| Download: | download sample |
| File size: | 2'935'345 bytes |
| First seen: | 2021-05-05 09:02:26 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 17ed737e8e77e97fd1eb6ad9ba5d3eae (2 x Stihat) |
| ssdeep | 49152:PEs1Y5W/x5W/b5W/p5W/S5W/f0g7mM+M6RkMkIM7I067T5W/q:PE2Y5WZ5WD5Wx5Wq5WmM+M6RkMkIM7mh |
| Threatray | 8 similar samples on MalwareBazaar |
| TLSH | 9ED59D12B7E8E575E0B601350D27E3348A7AFC216D0C6B0F7394795E6D78785AC2AB0B |
| Reporter |  Libranalysis |
Intelligence
File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file
Enabling the 'hidden' option for recently created files
Replacing files
Deleting a recently created file
Replacing executable files
Sending a UDP request
Enabling autorun
Enabling a "Do not show hidden files" option
Infecting executable files
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Autorun
Detection:
malicious
Classification:
spre.evad
Score:
100 / 100
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Changes the view of files in windows explorer (hidden files and folders)
Contains functionality to detect sleep reduction / modifications
Creates an undocumented autostart registry key
Creates autorun.inf (USB autostart)
Creates files in the recycle bin to hide itself
Drops executable to a common third party application directory
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Autorun
Behaviour
Behavior Graph:
Threat name:
Win32.Virus.Lamer
Status:
Malicious
First seen:
2020-05-03 08:11:36 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
5/5
Verdict:
suspicious
Similar samples:
Result
Malware family:
n/a
Score:
10/10
Tags:
persistence
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops autorun.inf file
Drops file in System32 directory
Enumerates connected drives
Drops startup file
Loads dropped DLL
Executes dropped EXE
Modifies WinLogon for persistence
Unpacked files
SH256 hash:
288a42b03d1409ee289b7aa0896150467dc850fc56661c12d850114acaf88363
MD5 hash:
bac2a5a291b6db5fa477abbf9f6db2ed
SHA1 hash:
7429886345d24ffa8e23e0a257be528612878ba1
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.