MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 37e4905b2ec87a3a30549d0202702eac2e4f8516195057846aacabd6469f4ce5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 37e4905b2ec87a3a30549d0202702eac2e4f8516195057846aacabd6469f4ce5 |
|---|---|
| SHA3-384 hash: | 3856cfb53730da2602b95c0549933c92d92b7bc82fc6cbe35a323e35a41bfc782cd8e6980e9787f29aceb2bc75952e26 |
| SHA1 hash: | f903054bcda614c828dd443cfe4f258de9f84a58 |
| MD5 hash: | a6516c3f3bf66b36c3f8136008074a10 |
| humanhash: | sad-asparagus-item-snake |
| File name: | a6516c3f3bf66b36c3f8136008074a10 |
| File size: | 385'026 bytes |
| First seen: | 2020-11-17 15:09:47 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | b71ae52e8715ee7bfaa0c9df227db54a |
| ssdeep | 6144:q8BxPYyHgG83p0W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:q8BxPTsn0npM4dl0v5JF |
| Threatray | 74 similar samples on MalwareBazaar |
| TLSH | B184BE83765C9C47CF3A7EB726797200ED919D1AE925A04E1528CB4B8713C3F5BCB1A2 |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-07 15:24:21 UTC
AV detection: 25 of 28 (89.29%)
Threat level: 5/5
Verdict: malicious
Similar samples: + 64 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other