MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d9002135a5b85b3f3962eab45859f1e59d20ded771b94f0e1127c6c162cb0f4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YoungLotus

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	2d9002135a5b85b3f3962eab45859f1e59d20ded771b94f0e1127c6c162cb0f4
SHA3-384 hash:	bd943fa1d54979a9f139db4beb6f05719ba994b1dbd95a348cc93d55c2dc99ec01a671d1bed38534b18c443aa3f0673c
SHA1 hash:	edd15437be63392c7cd332919c332029a2240dd0
MD5 hash:	d96987f5e2f64b880cfb3a7de05ff0ef
humanhash:	nine-october-india-nitrogen
File name:	最新黑马股市料.com
Download:	download sample
Signature	YoungLotus Create hunting rule
File size:	637'064 bytes
First seen:	2021-06-07 22:07:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	b1c0d1d42a0924ee4f46344440b6e9de (1 x YoungLotus)
ssdeep	12288:PRLU5FKrCc75CDUTOpI6Vi2+D7W2hJntw6icIS7ZRiL9NhUbl+iT14RaWd0EyRoh:pLPX75CQTO+6H+D7h06ivQRiL9NhUbl6
Threatray	7 similar samples on MalwareBazaar
TLSH	9FD4BF103BC2D0B6D5E205725B87C69AB6BABD537F2762937BB13B0E4E301C29635B50
Reporter	ActorExpose
Tags:	exe younglotus

Intelligence

File Origin

# of uploads :

# of downloads :

206

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

最新黑马股市料.com

Verdict:

No threats detected

Analysis date:

2021-06-07 22:08:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/13d1c064-b040-49a2-951c-c160830c8aa6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/165106/

Detection(s):

SecuriteInfo.com.Troj.Kryptik-XM.26374.17664.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

FatalRAT

Detection:

malicious

Classification:

bank.troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/798393

Signature

Changes security center settings (notifications, updates, antivirus, firewall)

Checks if browser processes are running

Contains functionality to access PhysicalDrive, possible boot sector overwrite

Contains functionality to automate explorer (e.g. start an application)

Contains functionality to capture and log keystrokes

Contains functionality to detect virtual machines (IN, VMware)

Contains functionality to determine the online IP of the system

Contains functionality to infect the boot sector

Contains functionality to inject threads in other processes

Creates an undocumented autostart registry key

Drops executables to the windows directory (C:\Windows) and starts them

Found malware configuration

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Tries to delay execution (extensive OutputDebugStringW loop)

Yara detected FatalRAT

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2d9002135a5b85b3f3962eab45859f1e59d20ded771b94f0e1127c6c162cb0f4/

Threat name:

Win32.Trojan.Antavmu

Status:

Malicious

First seen:

2021-06-07 21:29:56 UTC

AV detection:

18 of 29 (62.07%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=fwiaee22loc3h44wf2vulbm7dzm5edpno4nzj4hbcj6gyfrmwd2a._file

Verdict:

suspicious

YoungLotus

210990e36122e0facc7c74373569f052fa0651ab06644330fe00b685793ee0fd

YoungLotus

6e406696172c35ffeb20528df4a002746a6c8c01016c33530b7d7d210ad8ebfc

YoungLotus

b01719e59675236df1a0e1a78cdd97455c0cf18426c7ec0f52df1f3a78209f65

YoungLotus

be17d0aae808adf3e8030e73726ee59924b9b7bb72163d32cff6848a3c964520

YoungLotus

e52af19dce25d51f9cf258613988b8edc583f7c7e134d3e1b834d9aab9c7c4c4

YoungLotus

ec0dcfe2d8380a4bafadb3ed73b546cbf73ef78f893e32202042a5818b67ce56

YoungLotus

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210607-47drez6ty6/

Unpacked files

SH256 hash:

232a57288c47eb7b230085df58a43540442647ac8c79f7c4e12285be20bb345d

MD5 hash:

6a51965ac9f2b5cc9fbacd0ae9aa860c

SHA1 hash:

16de5ee6ce79acc88aa6f13642c291e953585c1b

Detections:

win_younglotus_g0

Link:

https://www.unpac.me/results/e41d5e0f-1c06-44e7-a6ff-f1ffa6fd11cd/

SH256 hash:

2d9002135a5b85b3f3962eab45859f1e59d20ded771b94f0e1127c6c162cb0f4

MD5 hash:

d96987f5e2f64b880cfb3a7de05ff0ef

SHA1 hash:

edd15437be63392c7cd332919c332029a2240dd0

Link:

https://www.unpac.me/results/e41d5e0f-1c06-44e7-a6ff-f1ffa6fd11cd/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2d9002135a5b85b3f3962eab45859f1e59d20ded771b94f0e1127c6c162cb0f4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/165106/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample