MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 629a413c87fe43667f39e89ec6314ec471bea166444c050375b6b56e1c00907b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Glupteba


Vendor detections: 4



SHA256 hash: 629a413c87fe43667f39e89ec6314ec471bea166444c050375b6b56e1c00907b
SHA3-384 hash: 24d3013c8d47e4e01d2ff43856e3e03fe185e1bf1a454ea20df793c63fc27e73b2ce542a8a0d1f8d5122ef441304e64b
SHA1 hash: 60cd089b6f9a73b0f29b511f5a9fc4c15855cba5
MD5 hash: 0960d00f9971b8003e4bc193737f256e
humanhash: tango-fourteen-apart-violet
File name: SecuriteInfo.com.Trojan.SpyBot.954.27883.30065
Signature: Glupteba
File size: 1'986'560 bytes
First seen: 2020-04-15 15:49:18 UTC
Last seen: 2020-08-11 15:55:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ed4f5f04d62b18d96b26d6db7c18840 (225 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep: 24576:xSmGfYcp/V5puwlFSHiDVG6eNjlCPlcjv4shKtpquTebjLbX0CLlGlc:xJkYcpNHVz7DVG6ePCEAVqe8j/6lc
Threatray: 59 similar samples on MalwareBazaar
TLSH: 2395337B29012C2AFBC2537F315E1A09F06E63736AC78E1DC63C669D549F0382561ABD
Reporter: SecuriteInfoCom
Tags: Glupteba

Intelligence


File Origin
# of uploads: 2
# of downloads: 1'196
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Ranumbot
Status: Malicious
First seen: 2020-04-01 22:32:58 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 35 of 48 (72.92%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Sample: Glupteba, Executable exe, 629a413c87fe43667f39e89ec6314ec471bea166444c050375b6b56e1c00907b (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_NX | Missing Non-Executable Memory Protection | critical
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
Reviews
ID | Capabilities | Evidence
WIN_BASE_API | Uses Win Base API | KERNEL32.DLL::LoadLibraryA
