MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b
SHA3-384 hash: 3c04fe18a8df3b806e6fc7532f37531565cfb36ad823bf31c867d5e6ed4a667c4e7042deec9b04cc948d727abd8ca345
SHA1 hash: efe2b4e074753acb4c442ac28fe8056a85fc0abf
MD5 hash: 00ad584be9009263ebaa6559bd8e4d43
humanhash: orange-island-oven-kitten
File name:00ad584be9009263ebaa6559bd8e4d43.exe
Download: download sample
File size:1'087'488 bytes
First seen:2020-11-28 11:12:58 UTC
Last seen:2020-11-28 12:44:51 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 0347a4245bcd4027dc18f6a9d6e130c1
ssdeep 12288:ZH0pKsKapJRU+jLt10Z51WR6/9P057o28MMX56RRLIWi+497EhL:ZHxsRpzUkC/9PcoXNCph
Threatray 5 similar samples on MalwareBazaar
TLSH EC356CB9EA05B80BE25C1BB071E2563825339F94712C810A56B3BF9A3DF63E53D16F44
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
188
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/105917/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/550075
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 324149 Sample: CEfjSivqpz.exe Startdate: 28/11/2020 Architecture: WINDOWS Score: 84 33 Antivirus detection for URL or domain 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 Machine Learning detection for sample 2->37 39 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->39 7 CEfjSivqpz.exe 15 2->7         started        process3 dnsIp4 31 4cnx9s25gsvw.top 7->31 41 Detected unpacking (changes PE section rights) 7->41 43 Detected unpacking (overwrites its own PE header) 7->43 45 Contains functionality to detect sleep reduction / modifications 7->45 11 cmd.exe 1 7->11         started        13 cmd.exe 1 7->13         started        15 cmd.exe 1 7->15         started        signatures5 process6 process7 17 conhost.exe 11->17         started        19 reg.exe 1 1 11->19         started        21 timeout.exe 1 11->21         started        23 conhost.exe 13->23         started        25 reg.exe 1 1 13->25         started        27 conhost.exe 15->27         started        29 timeout.exe 1 15->29         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-28 05:00:00 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f
3461afe65091162758a5b7674b8ed0dfa30aab0872208172254abbeb1865c421
854d167ff218c5caa012baaa7bb80a2bfdd1ec9c4c6b3a66bef57240ade29422
8c68f921d6184b60b0677a50f79bb0131b837e04589ffb72ab50b2517001e793
f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201128-8bls72yxbj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: RenamesItself
Program crash
Unpacked files
SH256 hash:
59c92d833cc87db3d81c870977bce1a50f3408c98c574b8e0b3a241fd55a7c28
MD5 hash:
f339fd4aa72de137efb35668768a2b89
SHA1 hash:
9686d7cbb04bbfb5ad672b5b4e4b788ab5d29db8
Link:
https://www.unpac.me/results/bed7dc96-bd2e-4f5b-be3b-19c497f0f446/
SH256 hash:
3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b
MD5 hash:
00ad584be9009263ebaa6559bd8e4d43
SHA1 hash:
efe2b4e074753acb4c442ac28fe8056a85fc0abf
Link:
https://www.unpac.me/results/bed7dc96-bd2e-4f5b-be3b-19c497f0f446/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/852811/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/105917/

Comments