MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2ca57ebbf48c57749650c40d45af0dd53b38d8e82a9d3668548a81c678e3ebad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 2ca57ebbf48c57749650c40d45af0dd53b38d8e82a9d3668548a81c678e3ebad
SHA3-384 hash: 962f590418b5a821f82b1cf5fda266d55b8efa518385fe9d1c21fcd877401f69975d2e9de570752838f67978ec6a4158
SHA1 hash: 3535b0cd19b70b588deb01c06a17cbfdb2725352
MD5 hash: 248f8a7e25319ba9e9dd9f8f830abf45
humanhash: blossom-eleven-ten-fillet
File name: a2183a7d8781cb5cf778db411916cecd
File size: 192'513 bytes
First seen: 2020-11-17 12:04:39 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b71ae52e8715ee7bfaa0c9df227db54a
ssdeep: 3072:55NVLFKNQBBZa10m9Iy6JRq9mqo77rFW/E+eiSsvZU:53VLYNQpa1Tpm/TAFU
Threatray: 39 similar samples on MalwareBazaar
TLSH: B214BE8C7B239904EF5EF7B37C638080A8E0716D96D3662CA979B61E3BD22470E55C42
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 53
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness: not reported
Behaviour:
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 12:07:04 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files

SHA256 hash: 2ca57ebbf48c57749650c40d45af0dd53b38d8e82a9d3668548a81c678e3ebad
MD5 hash: 248f8a7e25319ba9e9dd9f8f830abf45
SHA1 hash: 3535b0cd19b70b588deb01c06a17cbfdb2725352

SHA256 hash: 44c8e59d1c83603e61a1dc18544ba89f52e1c2fab8985368510a632646e255a3
MD5 hash: 2f1900c21c559cfb95ec6b1a8ad7ddfe
SHA1 hash: 5ddcfda2367f705375cf5a21e05f9f0d1e0834e8

SHA256 hash: 568304b2a2a6fd3c7e8fc3ff25baf552a96b5b14ca773238dfb12ba4b19eedba
MD5 hash: 518ff73f8d16373d24a7bd42edeca95c
SHA1 hash: ceec08c5166de06171168f6b0772cc5ced8cb39a

SHA256 hash: dddac9cacfc78e1652b0010c4806f22d16e5abc867e3c8dc5463dadff2881792
MD5 hash: 80ead838038a6cb8a90ed1ed4ff30d46
SHA1 hash: c6b67f2c8ee19b6d8d274c3f3347b35fdf42a3b7

Please note that we are no longer able to provide a coverage score for VirusTotal.
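As an added example (not part of this entry and not MalwareBazaar's own code or API client), the Python below turns the hash fields and the Unpacked files list above into something an analyst can act on: it parses the label/value dump as the page shows it (including the page's "SH256" spelling), validates each hash as hex of the right length, separates the dropped files from the parent sample (the first "unpacked" record repeats the sample's own SHA256, so only three records are new indicators), and checks a local file against the recorded SHA256, SHA3-384, SHA1 and MD5 values before analysis. The hash strings are copied from this entry; the byte string used for verification is a constructed placeholder, not the real sample.

```python
import hashlib
import re

# Parent-sample hashes, copied from the entry header above.
ENTRY_HASHES = {
    "sha256": "2ca57ebbf48c57749650c40d45af0dd53b38d8e82a9d3668548a81c678e3ebad",
    "sha3_384": "962f590418b5a821f82b1cf5fda266d55b8efa518385fe9d1c21fcd877401f69"
                "975d2e9de570752838f67978ec6a4158",
    "sha1": "3535b0cd19b70b588deb01c06a17cbfdb2725352",
    "md5": "248f8a7e25319ba9e9dd9f8f830abf45",
}

# The "Unpacked files" block as the page renders it (label line, value line),
# kept with the page's "SH256" spelling so the parser is tested against it.
UNPACKED_FILES_TEXT = """\
SH256 hash:
2ca57ebbf48c57749650c40d45af0dd53b38d8e82a9d3668548a81c678e3ebad
MD5 hash:
248f8a7e25319ba9e9dd9f8f830abf45
SHA1 hash:
3535b0cd19b70b588deb01c06a17cbfdb2725352
SH256 hash:
44c8e59d1c83603e61a1dc18544ba89f52e1c2fab8985368510a632646e255a3
MD5 hash:
2f1900c21c559cfb95ec6b1a8ad7ddfe
SHA1 hash:
5ddcfda2367f705375cf5a21e05f9f0d1e0834e8
SH256 hash:
568304b2a2a6fd3c7e8fc3ff25baf552a96b5b14ca773238dfb12ba4b19eedba
MD5 hash:
518ff73f8d16373d24a7bd42edeca95c
SHA1 hash:
ceec08c5166de06171168f6b0772cc5ced8cb39a
SH256 hash:
dddac9cacfc78e1652b0010c4806f22d16e5abc867e3c8dc5463dadff2881792
MD5 hash:
80ead838038a6cb8a90ed1ed4ff30d46
SHA1 hash:
c6b67f2c8ee19b6d8d274c3f3347b35fdf42a3b7
"""

LABELS = {"SH256": "sha256", "SHA256": "sha256", "SHA1": "sha1", "MD5": "md5"}
HEX_LEN = {"sha256": 64, "sha1": 40, "md5": 32}
LABEL_RE = re.compile(r"^\s*(SH256|SHA256|SHA1|MD5)\s+hash:\s*$", re.IGNORECASE)


def parse_unpacked_files(text):
    """One dict per unpacked file, keyed by algorithm. A record starts at each
    SHA256 label; MD5/SHA1 lines attach to the most recently opened record.
    Malformed values raise instead of silently becoming IOCs that never match."""
    records, current = [], None
    lines = iter(text.splitlines())
    for line in lines:
        m = LABEL_RE.match(line)
        if not m:
            continue
        algo = LABELS[m.group(1).upper()]
        value = next(lines, "").strip().lower()   # value is on the next line
        if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LEN[algo], value):
            raise ValueError(f"malformed {algo} value: {value!r}")
        if algo == "sha256":
            current = {}
            records.append(current)
        elif current is None:
            raise ValueError(f"{algo} hash seen before any SHA256 label")
        current[algo] = value
    return records


def dropped_file_iocs(records, parent_sha256):
    """SHA256 values to hunt for, excluding the parent sample's own hash."""
    parent = parent_sha256.lower()
    return sorted(r["sha256"] for r in records if r["sha256"] != parent)


def expected_hashes_for(data):
    """Digests of a byte string under the four algorithms the entry lists."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def verify_sample(data, expected):
    """{algo: matched} for a local blob against recorded hashes. Gate analysis
    on sha256/sha3_384: MD5 and SHA1 are lookup keys, not collision resistant."""
    actual = expected_hashes_for(data)
    return {algo: actual[algo] == value.lower()
            for algo, value in expected.items() if algo in actual}
```

Typical use: `records = parse_unpacked_files(UNPACKED_FILES_TEXT)` yields four records, and `dropped_file_iocs(records, ENTRY_HASHES["sha256"])` yields the three dropped-file hashes. Read the downloaded sample as bytes and call `verify_sample(blob, ENTRY_HASHES)`; if the sha256 key is False, you are not holding the file this entry describes.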

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other

Comments