MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 607e4d4226a25bbb02d16909b1fb1b3ceac33d8dec5f03b15c754cb94cbb40ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 607e4d4226a25bbb02d16909b1fb1b3ceac33d8dec5f03b15c754cb94cbb40ea |
|---|---|
| SHA3-384 hash: | 8ad342140947456ccd79b3cee71892003d0b5a2b2d24895655ac115a8fae92b26efe486b2cd6380951453f2b28b4ea6a |
| SHA1 hash: | 72ebc9cf412956a05ff0417d85605c78ca1a985d |
| MD5 hash: | 984d08ed5227c95da214071e7603772a |
| humanhash: | lake-thirteen-neptune-maine |
| File name: | a26bd8381ced78f355830d5ee53b6278 |
| File size: | 385'026 bytes |
| First seen: | 2020-11-17 12:15:05 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | b71ae52e8715ee7bfaa0c9df227db54a |
| ssdeep | 6144:OGMmg5N05oxsgwR8H6rHKJaUKmdICI0W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:OGxgS+BwR8HAqJhdICa0npM4dl0v5JF |
| Threatray | 34 similar samples on MalwareBazaar |
| TLSH | D784BE86725C6EE2DF3A707B1CF7F6DC2890B5575929604D2898BBCAC50EE37848B1D0 |
| Reporter |
Intelligence
File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 12:18:21 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Verdict: suspicious
Similar samples: + 24 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other