MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments
Add tag Delete this sample Report a False Positive

SHA256 hash: 5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a
SHA3-384 hash: 43efc0f0fb4ba58864ff3a19c9ff5c5e2a97974a00bf714b8f5275ac6e76ff86dd60138e95a7bd1f79a3a2f5fa497942
SHA1 hash: 04f9227cc3bfde5626be669be106a5d38f4416b1
MD5 hash: 83dd317c95f4acb8623d1f024945cfdb
humanhash: hydrogen-oregon-nitrogen-december
File name:5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a
Download: download sample
Signature n/a
File size:4'890'624 bytes
First seen:2021-01-30 13:15:10 UTC
Last seen:2021-01-30 14:59:19 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 7438c2384f3e113e7ab9f88b1b5e5108
ssdeep 98304:jEn4O4Kkolx67k+Yj6i7SVSVSRDEdxA0L6EwSls/9kXUVje32C:jE4O4KW4rj6ESVSVSR/i6Ewb98d2C
Threatray 11 similar samples on MalwareBazaar
TLSH 2D36D001E7B1C039F5DB00FA827A423DAAB97671031495C7A3C06E996F66BE17E36713
Reporter @JAMESWT_MHT
Tags:Mingloa

Intelligence

File Origin
# of uploads :
2
# of downloads :
128
Origin country :
IT IT
Mail intelligence
Gathering data
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114894/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/594592
Signature
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 346331 Sample: A8xYhQFvXo Startdate: 30/01/2021 Architecture: WINDOWS Score: 60 21 Malicious sample detected (through community Yara rule) 2->21 23 Multi AV Scanner detection for submitted file 2->23 25 Machine Learning detection for sample 2->25 7 loaddll32.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        11 rundll32.exe 7->11         started        13 rundll32.exe 7->13         started        process5 15 WerFault.exe 23 9 9->15         started        17 WerFault.exe 9 11->17         started        19 WerFault.exe 2 9 13->19         started       
Detection:
n/a
Create hunting rule
Link:
https://mwdb.cert.pl/sample/5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a/
Threat name:
Win32.Trojan.Mingloa
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 17:01:24 UTC
File Type:
PE (Dll)
Extracted files:
201
AV detection:
12 of 27 (44.44%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
2870f899f2e9ec540da321f603cfb1a735dcd06df016718e663dc78fefdf5e0a
563ee97396c60bb7d587d98e95d68109cfe9b0a924860bee678e1e4da196bb64
6d2db66a98ec5730bdcbc41dc7c78210fe24fe48bf7e44b59ab01c2084900456
7a79f0c95e891b939e275fa19e641b676f2eb70471945fb3b15d6a649cafe071
a8fefe8e1f92a30d1cdd4e2e2afaacf08a02c8961f496ee16e89062417ec5f28
d8dbe0a74ff4d70f5633f8177f37c14cd1586d7a658ecf72d05f59261e8ad016
e0a34b9c420ddd930b3f89c13c3f564907dd948e88f668a0fe55ce506220bd73
f245e9b94930c77f626bdc4d74f7d03f48557cb206175876da42033186da6410
fa3b184df1f3b9ed637a7f8f9c557dca6871c7f150badb172947809bddf1c6d0
+ 1 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
bootkit persistence spyware
Link:
https://tria.ge/reports/210130-hgdpj221mn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Writes to the Master Boot Record (MBR)
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a
MD5 hash:
83dd317c95f4acb8623d1f024945cfdb
SHA1 hash:
04f9227cc3bfde5626be669be106a5d38f4416b1
Link:
https://www.unpac.me/results/e76673e9-28d4-43ef-924c-d19cbb86d6a8/
AV coverage:
17.14%
AV detections:
12 / 70
Link:
https://www.virustotal.com/gui/file/5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a/detection/f-5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a-1607426369
Threat name:
Muldrop
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/5b2f060f1512100a0d500312fa579cdad9d3ea101778838173aa7215cd39700a

YARA Signatures

MalareBazaar uses YARA rules from several public and non-public repositories, such as Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious proccess dumps they may create. Please note that only results from TLP:WHITE rules are being displayeyd.

Rule name:APT34_PICKPOCKET
Create hunting rule
Rule name:Email_stealer_bin_mem
Create hunting rule
Author:James_inthe_box
Description:Email in files like avemaria
Rule name:INDICATOR_SUSPICIOUS_EXE_SQLQuery_ConfidentialDataStore
Create hunting rule
Author:ditekSHen
Description:Detects executables containing SQL queries to confidential data stores. Observed in infostealers
Rule name:Ping_Del_method_bin_mem
Create hunting rule
Author:James_inthe_box
Description:cmd ping IP nul del
Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/114894/

Comments