MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 42037b4a472ddd39a76b92eb5eadddf373bfffe0d9166996ae6224a0363bc9d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 42037b4a472ddd39a76b92eb5eadddf373bfffe0d9166996ae6224a0363bc9d3
SHA3-384 hash: 5065264c3b2a4eb9d0bafe39471bd37047a1fe501aef4ba8587b807a031ac7407e85f0d7f315121e28013eb149f07bb9
SHA1 hash: dc2ea1f7c1b6b5ea6998bcc6f0db745a5531bc43
MD5 hash: d02f1ff60b9dc441a5fabf9057ba4560
humanhash: zebra-item-twenty-hotel
File name: grabbot_0.1.5.2.vir
Signature: n/a
File size: 348'632 bytes
First seen: 2020-07-19 17:36:20 UTC
Last seen: 2020-07-19 19:21:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43d601eefdccebd7197a21af39badd97
ssdeep: 6144:gEpzBGwwoOvt4JYS1FEsVAlESCFVdKyv6lr2h9kk6mI3OK4Ux+:Hgndty12s6wVdKk6YVHyZx+
TLSH: 347402777C20DC35DB72DEB65898F2650E6A7A40AB29C5CB236417CC0626BD1FE389C1
Reporter: @tildedennis
Tags: grabbot


Twitter
@tildedennis
grabbot version 0.1.5.2

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence

Result
Verdict: Malware
Behaviour:
  Creating a window
  Unauthorized injection to a recently created process
  Connection attempt to an infection source

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 64 / 100

Result
Threat name: Win32.Trojan.Bublik
Status: Malicious
First seen: 2015-08-15 00:18:00 UTC
AV detection: 26 of 31 (83.87%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of SendNotifyMessage
  Suspicious use of WriteProcessMemory
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Program crash
  Suspicious use of SetThreadContext
  Checks whether UAC is enabled
  Adds Run key to start application
  Deletes itself
  Reads user/profile data of web browsers

Result
Threat name: Unknown
Score: 1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments