MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: 5028124ce748b23e709f1540a7c58310f8481e179aff7986d5cfd693c9af94da
SHA3-384 hash: 14a17cc45a69381a8b5db2869cb65d34cc8f52d607e723fcb69ea6de9e2ef6d6f7be75be0a03ce1f8abbd76854035d14
SHA1 hash: 855388d354f19322a722c6f9d01e574c9bbf19ae
MD5 hash: c149ef34c57e6f7e970063679de01342
humanhash: angel-football-cat-lemon
File name: flokibot_0.0.0.10.vir
Signature: n/a
File size: 237'056 bytes
First seen: 2020-07-19 17:15:42 UTC
Last seen: 2020-07-19 19:13:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43e464016faeb4bab85676f508decd6e
ssdeep: 6144:fI+tEyONB3jsoDpA14UBmXAO4UdWNgl4Q1dMl:g+tdWBpVM4UBqQScgSiq
TLSH: DA34126BE8C70FB5E2EE34F1D2942692D0B940B23750AB77D7E2A3BD60115B032C655A
Reporter: @tildedennis
Tags: flokibot


Twitter
@tildedennis
flokibot version 0.0.0.10

Intelligence


File Origin
# of uploads: 2
# of downloads: 21
Origin country: US
Mail intelligence
No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:

Behaviour
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a window
Unauthorized injection to a recently created process
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Reading critical registry keys
Creating a file
Deleting a recently created file
Reading Telegram data
Sending a TCP request to an infection source
Stealing user critical data
Result
Threat name:
Unknown
Detection:
malicious
Classification:
phis.spyw.evad
Score:
100 / 100
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Zeus
Status:
Malicious
First seen:
2016-10-25 17:49:49 UTC
AV detection:
41 of 48 (85.42%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Behaviour
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Deletes itself
Loads dropped DLL
Drops startup file
Threat name:
Unknown
Score:
1.00

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments