MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments

SHA256 hash: 5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a
SHA3-384 hash: 43efc0f0fb4ba58864ff3a19c9ff5c5e2a97974a00bf714b8f5275ac6e76ff86dd60138e95a7bd1f79a3a2f5fa497942
SHA1 hash: 04f9227cc3bfde5626be669be106a5d38f4416b1
MD5 hash: 83dd317c95f4acb8623d1f024945cfdb
humanhash: hydrogen-oregon-nitrogen-december
File name:5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a
Download: download sample
Signature n/a
File size:4'890'624 bytes
First seen:2021-01-30 13:15:10 UTC
Last seen:2021-01-30 14:59:19 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 7438c2384f3e113e7ab9f88b1b5e5108
ssdeep 98304:jEn4O4Kkolx67k+Yj6i7SVSVSRDEdxA0L6EwSls/9kXUVje32C:jE4O4KW4rj6ESVSVSR/i6Ewb98d2C
Threatray 11 similar samples on MalwareBazaar
TLSH 2D36D001E7B1C039F5DB00FA827A423DAAB97671031495C7A3C06E996F66BE17E36713
Reporter @JAMESWT_MHT
Tags:Mingloa

Intelligence


File Origin
# of uploads :
2
# of downloads :
128
Origin country :
IT IT
Mail intelligence
Gathering data
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 346331 Sample: A8xYhQFvXo Startdate: 30/01/2021 Architecture: WINDOWS Score: 60 21 Malicious sample detected (through community Yara rule) 2->21 23 Multi AV Scanner detection for submitted file 2->23 25 Machine Learning detection for sample 2->25 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        process5 15 WerFault.exe 23 9 9->15         started        17 WerFault.exe 9 11->17         started        19 WerFault.exe 2 9 13->19         started       
Threat name:
Win32.Trojan.Mingloa
Status:
Malicious
First seen:
2020-12-08 17:01:24 UTC
File Type:
PE (Dll)
Extracted files:
201
AV detection:
12 of 27 (44.44%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
bootkit persistence spyware
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Writes to the Master Boot Record (MBR)
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a
MD5 hash:
83dd317c95f4acb8623d1f024945cfdb
SHA1 hash:
04f9227cc3bfde5626be669be106a5d38f4416b1

YARA Signatures


MalareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious proccess dumps they may create. Please note that only results from TLP:WHITE rules are being displayeyd.

Rule name:APT34_PICKPOCKET
Rule name:Email_stealer_bin_mem
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:Ping_Del_method_bin_mem
Author:James_inthe_box
Description:cmd ping IP nul del
Rule name:with_sqlite
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments