MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 560156770f423a19471fd1e0c78aa88bd6ff5f9c4cb2fa33587fe73804d4c08c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6
SHA256 hash: 560156770f423a19471fd1e0c78aa88bd6ff5f9c4cb2fa33587fe73804d4c08c
SHA3-384 hash: 04dcd4ae45db65aa1590a8d12e0dc363096561bb89fad66490ec49a0d1e778ab68b9b48056374a3cdae20356a61b3d70
SHA1 hash: 2e009c108e5baa928a235630faf7966b0ac3e39a
MD5 hash: 5fa17cd85eb41dde42e228923ec819d7
humanhash: blue-april-texas-indigo
File name: a66a5257bb6ee2e690450c48a91815d4
File size: 1'036'289 bytes
First seen: 2020-11-17 15:59:40 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: fb1256fab57d2dfd02791ec2cff51231
ssdeep: 24576:83V8GEok7BnJdb/7dRVTibLaa/ZSL77Lv+f6T8E:8JtWBnJOKgwbD
Threatray: 89 similar samples on MalwareBazaar
TLSH: 1025CF5C23B286A7D037E73AD91ECB2E43C26C7C6AABD7A37215F5D235653909102336
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:
Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
DNS request
Sending a custom TCP request
Creating a file
Moving of the original file
Deleting of the original file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: troj.evad
Score: 76 / 100
Signature
Connects to a pastebin service (likely for C&C)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
PE file has a writeable .text section
Behaviour
Behavior Graph (ID 319567; sample a66a5257bb6ee2e690450c48a91815d4; start date 18/11/2020; architecture WINDOWS; score 76), recovered from the graph rendering:
- Sample-level signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample; Connects to a pastebin service (likely for C&C); 2 other signatures
- Process a66a5257bb6ee2e690450c48a91815d4.exe started. Dropped files: C:\...\a66a5257bb6ee2e690450c48a91815d4.exe (PE32); a66a5257bb6ee2e690...exe:Zone.Identifier (ASCII). Signatures: Detected unpacking (overwrites its own PE header); Machine Learning detection for dropped file. Child processes started: a66a5257bb6ee2e690450c48a91815d4.exe, WerFault.exe, conhost.exe
- Second instance of a66a5257bb6ee2e690450c48a91815d4.exe: DNS/IP activity to pastebin.com 104.23.99.190, port 443 (local port 49751), CLOUDFLARENETUS, United States. Child processes started: WerFault.exe (three instances), 2 other processes
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 16:07:40 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Unpacked files
SHA256 hash: 560156770f423a19471fd1e0c78aa88bd6ff5f9c4cb2fa33587fe73804d4c08c
MD5 hash: 5fa17cd85eb41dde42e228923ec819d7
SHA1 hash: 2e009c108e5baa928a235630faf7966b0ac3e39a
SHA256 hash: 90aecc225b46612751d2668e9a424259f0490c507df915fc4bc3d225af0292e4
MD5 hash: ff09def894224f39fc093eb89f0e948e
SHA1 hash: aafb232a4866ed19ca4941906075f9d5a7f75082
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments