MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3bc37efea6fe6a138a055cad0b0043443bca944a4f69c24cebc177bcb0cc3cf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Drolnux


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3bc37efea6fe6a138a055cad0b0043443bca944a4f69c24cebc177bcb0cc3cf0
SHA3-384 hash: 65327ee9a248a77f8d76f9b6a89258aad602ef9b56cb8e3b86307b1223369c768c7a2df9933f37d7d81ee3794565ba26
SHA1 hash: 0c3355e9bca761adac85f34c94936bc55fd5c6b5
MD5 hash: fab80b296f8929093f05700ba1f8a110
humanhash: happy-king-may-fruit
File name:3bc37efea6fe6a138a055cad0b0043443bca944a4f69c24cebc177bcb0cc3cf0
Download: download sample
Signature Drolnux
Create hunting rule
File size:496'684 bytes
First seen:2020-11-07 20:02:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a6083e536d6342c425a7dad4bdc72272 (67 x Drolnux)
ssdeep 12288:wWycFwLD1PEsiuyFC/rTUPJE4FkjcGwGUB3Dow+DI/rV8x:jgEsij5Go3Dkss
Threatray 33 similar samples on MalwareBazaar
TLSH 61B49D8AF1E99DE1CE364FB2D0A737785863203DFE58901C0E89AA561F9EC05477BE14
Reporter seifreed
Tags:Drolnux

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Worm.Drolnux-9781898-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
DNS request
Sending an HTTP GET request
Setting a keyboard event handler
Creating a file
Launching a process
Creating a process with a hidden window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Sending an HTTP GET request to an infection source
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3bc37efea6fe6a138a055cad0b0043443bca944a4f69c24cebc177bcb0cc3cf0/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=hpbx57vg7zvbhcqflswqwacdiq54vfckj5u4ethlyf33zmgmhtya._file
Verdict:
malicious
Similar samples:
18c5cfc41048622d885c6a5e5f77f33a2c1479135b22da152e6345eea5b3e459
Drolnux
3a16c35b4f5b5312fa59c3a52af7be3ee063f306687df05f304747e6d0ead141
Drolnux
536db2930da96c059b10843fbb82ca8b53e3b10da458344d63c7fc5417a08fc4
Drolnux
6d01b8b119b5a8ddd5592be94172f9c2a0aa096cbe9022fcd8c9f4e49f7b4215
Drolnux
7b7d8033c748ec5df4661bb07ba4829a6398763ba4d8d668c3fbc389ccbc454f
Drolnux
80251c02d6661dd5db4cb2d65e52ff66b9abd48d717106ff0df3ad75f343c7f8
Drolnux
aa6034f866e0345f7cea6a6e519785dcd7dac83d369031e30562b470f5c98ff8
Drolnux
acf48b6325bfa159abe2a25c35ecf82bd94b6170d7687e4a1ff51ffd2c818f75
Drolnux
efe2c7609b02b8e0adf87b410065a3f6d4c0071fdc9c9b08719e0e62b25d96eb
Drolnux
f9d9f5051fcc32e496d5a1ca1ced94e045cd75e7607f328727469de7482174d4
Drolnux
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201108-lwg4pbpme6/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Embedded_PE
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments