MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6369b1ed4ab77dfaea18de4beb22c0ca26bd91eae120261c3657f079f88c1790. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6369b1ed4ab77dfaea18de4beb22c0ca26bd91eae120261c3657f079f88c1790
SHA3-384 hash: f513419c4a5dfd63aa991ea6a8f454c1f8a24c83e968cfb560c8ba9887d5e21e56ff7fca8a1c915bbadc5170bac3f5f6
SHA1 hash: 0e815f5a2b59d4e991ce0e833f2913484786c5cb
MD5 hash: 18661043422fbe1e4b496bffde278121
humanhash: connecticut-one-bulldog-bulldog
File name:a7c137cc0f4d8dd7062b9efe7f6be2fe
Download: download sample
File size:3'921'064 bytes
First seen:2020-11-17 15:25:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 98304:ATqyvPya8se6Z5ymwwXGEMVnChejdIhp500IKJ:CqgPyDse6HyadMVnChMIhp500IKJ
Threatray 2 similar samples on MalwareBazaar
TLSH 090633D26396555FE7D7C138A3F2B2AC9DBC7240A69C83DD7E0C40CB26B544AAF6C049
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.EXE.Obfus-4.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6369b1ed4ab77dfaea18de4beb22c0ca26bd91eae120261c3657f079f88c1790/
Threat name:
Win32.Packed.Themida
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 15:30:48 UTC
AV detection:
24 of 48 (50.00%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
7c3c41d8da242f6ae707daaf842c0c0afb4ff541e3b009c62e51bc7d93eca86b
fdb56b7e346e7261d4c2c2d4875ed044a75960e19a1abc6b035bbdc49698a700
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion
Link:
https://tria.ge/reports/201117-lhkgtpdk7n/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Checks BIOS information in registry
Identifies Wine through registry keys
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Suspicious use of NtCreateProcessExOtherParentProcess
Unpacked files
SH256 hash:
6369b1ed4ab77dfaea18de4beb22c0ca26bd91eae120261c3657f079f88c1790
MD5 hash:
18661043422fbe1e4b496bffde278121
SHA1 hash:
0e815f5a2b59d4e991ce0e833f2913484786c5cb
Link:
https://www.unpac.me/results/c7aab279-276d-41a4-832f-9c13ee7b23ca/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments