MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f3431bc529690ba06a7a521cb8d08bbc7c3c770b5414e164f901b686f2921dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	5f3431bc529690ba06a7a521cb8d08bbc7c3c770b5414e164f901b686f2921dd
SHA3-384 hash:	a9c0bd5991076c8df617db6d7679c81f38447d360f89d63dd615f79efc7586179c1bb07b5b7dea2ea29dd40efc156b5d
SHA1 hash:	76aa0640e312b6daa27adc77ac49523271dfd370
MD5 hash:	7947c5b373eaceb9ad9797824eb5d918
humanhash:	arizona-spaghetti-carbon-black
File name:	SecuriteInfo.com.Trojan.DownLoader36.19659.13625.24378
Download:	download sample
File size:	259'584 bytes
First seen:	2020-12-01 01:43:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	bf619d76c19cd1a95e5b7cbc638204ad
ssdeep	3072:PLZOqjlmwNTDfG+98DCmCESFBUNxx2oKGXzLX43TM44vG6hefWrYPAangX85tg1W:z9lP/7YC2g6N3KGj74w/umefWU4/k3
Threatray	9 similar samples on MalwareBazaar
TLSH	2F44D021B6E1C033D29746764925CB694A7BB8311F3996CB7BE006BD8F313D28A36347
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/106143/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader36.19659.13625.24378.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file

Creating a process from a recently created file

Creating a process with a hidden window

Running batch commands

Launching a process

Creating a window

Connection attempt to an infection source

Enabling autorun by creating a file

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

96 / 100

Link:

https://www.joesandbox.com/analysis/551559

Signature

Contains functionality to inject code into remote processes

Creates an undocumented autostart registry key

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for dropped file

Machine Learning detection for sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5f3431bc529690ba06a7a521cb8d08bbc7c3c770b5414e164f901b686f2921dd/

Threat name:

Win32.Trojan.MintDreidel

Status:

Malicious

First seen:

2020-11-30 23:37:14 UTC

AV detection:

24 of 28 (85.71%)

Threat level:

5/5

Verdict:

suspicious

100f3322fa66d60cb9a64e2cbcceb0a9558e65e600526fcbc25852d62940c7ea

2348533bdaabfe1f6418b36fa8e3aa06beb2317636a4cb6b0248bd4a01e51f95

4626980a591b50826c7ed3ba55812df592c8abd7e40131438d4faa0319aac7fb

92426fe39cddb0d10510d1a6d2d90600b651b55cdf7f441782b9b3ad7817f935

cea813cbef6581e0c95aacb2e747f5951325444b941e801164154917a17bfe71

dc5f40f99496a7140ea7722698f2de741fb00845c7791d78ec0ba90fc4a04490

ebbf1f05b4ebc687893c9989688b139424d0fe6242ab490c7282b7bd6299c187

fd865a95aba368c5bef303415ae32e89141cc10b2455e5e9cba721a79bb3b78b

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/201201-33917q3sfe/

Behaviour

Suspicious use of WriteProcessMemory

Loads dropped DLL

Executes dropped EXE

Unpacked files

SH256 hash:

5f3431bc529690ba06a7a521cb8d08bbc7c3c770b5414e164f901b686f2921dd

MD5 hash:

7947c5b373eaceb9ad9797824eb5d918

SHA1 hash:

76aa0640e312b6daa27adc77ac49523271dfd370

Link:

https://www.unpac.me/results/38daf70b-246c-4d5e-88e4-ffd5b4c2f66f/

SH256 hash:

c81f27a34af933278aa36efc16e1665526a00d5b8913ab2530b4556173b475be

MD5 hash:

b9bf7278d38a66f52bad2055b361de4a

SHA1 hash:

a60a2b838268550036f529de715a3b34477f6bf1

Link:

https://www.unpac.me/results/38daf70b-246c-4d5e-88e4-ffd5b4c2f66f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Glupteba

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5f3431bc529690ba06a7a521cb8d08bbc7c3c770b5414e164f901b686f2921dd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5f3431bc529690ba06a7a521cb8d08bbc7c3c770b5414e164f901b686f2921dd

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/871120/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/106143/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample