MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a
SHA3-384 hash: 63ee7b56a062a4cfd407f71c9777b4e586aa975c10579fe45c119779d5392b6ff236bc2543c326aae8f111f007aff997
SHA1 hash: 8b20f11e27be02a8bda40ca9f48603e7adfd76de
MD5 hash: 43f089b7855dfe47e1dfe348445b5865
humanhash: glucose-london-stairway-winter
File name:BJEBEL9UBFA2EIDN5GRFS5C09QO1YYW0K19TF9E
Download: download sample
File size:8'926'208 bytes
First seen:2020-08-28 12:28:45 UTC
Last seen:2020-08-28 13:53:45 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 0c297071a71241817eac45378fe745b2
ssdeep 196608:sPIQTEJ9H8bwQyHQPnoyjraXmSs/UH4CJzRf/8zz6SIfLo:RspbwQpbi5s/UYC9N0zGS0
Threatray 3 similar samples on MalwareBazaar
TLSH 4796337740816ED3E27082BBBC279505D824BA36DB8296A9F46F17E4816B04DDFF4F60
Reporter JAMESWT_WT
Tags:Mekotio spy

Intelligence

File Origin
# of uploads :
2
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/52324/
Detection(s):
SecuriteInfo.com.Mal.Generic-S.26812.5570.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for analyzing tools
Searching for the window
Creating a window
Launching a process
Sending a UDP request
Changing a file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/453491
Signature
Hides threads from debuggers
Multi AV Scanner detection for submitted file
Overwrites code with function prologues
PE file contains section with special chars
System process connects to network (likely due to code injection or exploit)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a/
Threat name:
Win32.Trojan.Mekotio
Create hunting rule
Status:
Malicious
First seen:
2020-08-28 12:30:18 UTC
File Type:
PE (Dll)
Extracted files:
1
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30
99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab
d6ba040d10d1fb8e0f6a8b1d5378be566f6d3816bf1a00fb3e0bb6eed29346b2
Result
Malware family:
n/a
Score:
  9/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/200828-anw9dsfxfj/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Program crash
Drops file in Windows directory
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks whether UAC is enabled
Checks whether UAC is enabled
Checks BIOS information in registry
Checks BIOS information in registry
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Scar
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/33ffacc3e517f4f1dad47f1ca28d26188e202d5e2e300e1e71bc0a57e682292a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/52324/

Comments