MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d45380cd5fdf967988c4f239f61827ad9a80a4d9abcfbddf6e656d9dcc50f58. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 4d45380cd5fdf967988c4f239f61827ad9a80a4d9abcfbddf6e656d9dcc50f58
SHA3-384 hash: d501124901e7cb20d6400bd0e5568cb9c22f259729fcbb429648404665f0483c56798a22340ae201b48e7355fc57ee40
SHA1 hash: b8d4fc5eb62253deb7073c54d7edb5d4ce30724e
MD5 hash: f43b6986bab13a9c06a216d5a085ab11
humanhash: mike-low-early-speaker
File name: X8LOP8PPE5F40PANT4QBPFHEY7
File size: 11'595'776 bytes
First seen: 2020-11-17 14:13:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 90b1e4f00cdb5f771a950f333045292e
ssdeep: 98304:uGXz+ouGvNU6oFidymyS9nvRx14TDquh5Ue5lqzQO+EBeqnXlUwd8NsesECa4:umb2ZmyS9nvJsqi9XMlqqnNd8Nss4
Threatray: 4 similar samples on MalwareBazaar
TLSH: 64C6AE7F7594923DC01DC17EC0538B80E533F97A1B32C5EBA29512B81F2A5C58E7EA29
Reporter: JAMESWT_WT
Tags: dll italy Mekotio Multa spy

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win64.Trojan.Mekotio
Status: Malicious
First seen: 2020-11-17 14:15:11 UTC
File Type: PE+ (Dll)
Extracted files: 1
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of NtSetInformationThreadHideFromDebugger
Unpacked files
SHA256 hash: 4d45380cd5fdf967988c4f239f61827ad9a80a4d9abcfbddf6e656d9dcc50f58
MD5 hash: f43b6986bab13a9c06a216d5a085ab11
SHA1 hash: b8d4fc5eb62253deb7073c54d7edb5d4ce30724e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments