MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417
SHA3-384 hash: 246582233685fc552d0950bdde9c9a5c4b20446eec415525e3d9653140897a5cf5b732bfd82b00f6bbc0b5d0e5be5312
SHA1 hash: 9e2392716e84b90c2c822b8a73b741af6ba02331
MD5 hash: 4506d15d2b790734ca655cfc5b79f778
humanhash: west-red-beryllium-saturn
File name:3101.gif
Download: download sample
File size:243'200 bytes
First seen:2021-02-01 16:07:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 3778a10b1b40820d0b6c380e4a7bcab2
ssdeep 3072:nDjehmqPKDfx57RDQKIVfpWiHoZhrjz/+R8Aeit1nl0L4H8Y01kyj8pFrYq02mLx:nDjYVPKrrRUthZyhXzse2021JL02e
Threatray 54 similar samples on MalwareBazaar
TLSH 3D345A30EBA0D031F1B712F859B5827CAA393EE1A73490CF42D526EA56346F9AC31757
Reporter malware_traffic
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3101.gif
Verdict:
Suspicious activity
Analysis date:
2021-02-01 16:07:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8c155c49-7d5e-4472-91d3-77d6ab0b3053

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/114978/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Creating a process with a hidden window
Sending a UDP request
Sending a custom TCP request
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/595546
Signature
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-02-01 16:08:11 UTC
AV detection:
10 of 46 (21.74%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
003bd2ca89efc808a6f5e607f1d19c2d5ca1d629dfef3f324a9fbea0ce933fd7
4c04dce0d2aa3fbecd1951f680bff98c2c8c11af54103e6e0aa0bb358a5c0824
9356e204a3bab01044003d58937be31f0edfae7ea5c790916178ce1a8d6173ff
9c7b166c818edf7bda6a112376c7bb20dd704ac9eb74be1d387af077a82dc620
a2eaa3485a9efff93e652cb5e3fef2bddaa1e631d2abc258a66f3d3b7f09f3de
c1d31fa7484170247564e89c97cc325d1f317fb8c8efe50e4d126c7881adf499
d28966990ec27ae9250c919dd814cd1862e9e0e6b6f31a5418ab58de8ebe446a
d5ea30279fc37436f63d3c6275aad6a2c8abdcd32e10888200fae3e986cb9626
efdc1489d1024ba19acaa9a86fb0750446896947a563e6d89739254d8250a932
f57aff01f0d6a36bddeb8e7bbf8b33874c47a58d7827399c823424866aee33dd
+ 44 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  4/10
Tags:
n/a
Link:
https://tria.ge/reports/210201-ypnd28g4l6/
Behaviour
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Unpacked files
SH256 hash:
114e10d27381de27f9442d15a57fd5a4afec3e287176cd793d7cd1689e96cf17
MD5 hash:
7aa1718c226d359f3a61efc4fd7119b0
SHA1 hash:
71da605e6bfafa93c2b7ec68e99b35cce6107fb2
Link:
https://www.unpac.me/results/ff61218c-5a9f-4023-bf20-bbc34896e975/
SH256 hash:
61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417
MD5 hash:
4506d15d2b790734ca655cfc5b79f778
SHA1 hash:
9e2392716e84b90c2c822b8a73b741af6ba02331
Link:
https://www.unpac.me/results/ff61218c-5a9f-4023-bf20-bbc34896e975/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/61499704920ee633ffb2baab36eb8eb70d5e0426bca584f9a4a872e4b930c417

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_PWSH_Downloader
Create hunting rule
Author:ditekSHen
Description:Detects downloader agent, using PowerShell

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/114978/

Comments