MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YoungLotus


Vendor detections: 9


Intelligence 9 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b
SHA3-384 hash: 7d18453aeb15990d3800ec9f2e966e24a12e201142784fb284b1e1f500a7925fa6592a38c3ce1fd5dce6e5781fca2515
SHA1 hash: 13b85a5f446a7c8232f08f58e4f59b7af01621a8
MD5 hash: 070cc2fda164639eba74391cc1a71bbe
humanhash: oklahoma-iowa-oscar-golf
File name:hpqhvsei.dll
Download: download sample
Signature YoungLotus
Create hunting rule
File size:359'936 bytes
First seen:2021-02-11 09:38:44 UTC
Last seen:2021-02-11 11:59:16 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 9fa85cb89995d8ec1c7fb23402888f54 (1 x YoungLotus)
ssdeep 3072:vJK0nBeNFLSdMC2NjSbLN1ak5Rsq4szD7Fwk3xReec4:BVcNViX2NjgLzZ4hk3xRe7
Threatray 10 similar samples on MalwareBazaar
TLSH 6F7481C0AB46CC3FF489B434AD51B160BE9EAEE0F9D255CE218CB65A493179158F0F1B
Reporter r3dbU7z
Tags:dll younglotus

Intelligence

File Origin
# of uploads :
2
# of downloads :
83
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116751/
Detection(s):
SecuriteInfo.com.Variant.Graftor.519541.23033.7963.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending an HTTP GET request
Creating a file in the Windows subdirectories
Deleting a recently created file
Sending a custom TCP request
Sending a UDP request
Replacing files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/605590
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b/
Threat name:
Win32.Trojan.Siscos
Create hunting rule
Status:
Malicious
First seen:
2020-06-28 17:07:28 UTC
AV detection:
20 of 29 (68.97%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m2mz7wlrtzel2l2lm7r377gjbqdv42zl7bes4ltuzetrtwide4vq._file
Verdict:
malicious
Similar samples:
013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
YoungLotus
1876e6fe34192e24fcb2245199c99a6735a6424151044564506b14bd670e1f91
YoungLotus
2addf0687e15d5da150548c7dd1d27bd3138b8ed464e0fe8cc6d091e34842ed3
YoungLotus
31d5bcd2e4ecd330a56fbef1826e7201532311c9a57ee44352a746ea8271a778
YoungLotus
5e5f8efd6ced3f58cc5212b0f68a8badb9419b87a99fa1683ecc2f49e5103c1d
YoungLotus
695dbd8c8d80719168bb3987b62fa5348f480ce00f4afbe54efae3a647fc2552
YoungLotus
97a6d37991a271facf6254ac7e4f4072bb3718cdc01c2fc8d92e3953a3f8b453
YoungLotus
b0e5fe8c3639e8e3777da2130157bb13b2ee8c99bd4929ed2d245e49ccee19c4
YoungLotus
bda9ac7c976d4077921a53b7b178aa402254d9e1e81a3eb7a5cc462982df9f0e
YoungLotus
d05821af6ec028f7f37738d83f4628e7dfbee77f7603478a5c13da68744794d9
YoungLotus
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210211-yy6ya41nsj/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
30df2011b9bf2203430f264672f5d0560448f98ef831a59aef89e22a96403d6b
MD5 hash:
5e4cc25de2d7d8d55e20dab6388b0c63
SHA1 hash:
e41ec3549d46ae5a74796ab998c9f56be5638672
Detections:
win_younglotus_g0
Create hunting rule
win_younglotus_auto
Create hunting rule
Link:
https://www.unpac.me/results/1a231b76-37a2-426e-b96f-4fb18b21c1d7/
SH256 hash:
66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b
MD5 hash:
070cc2fda164639eba74391cc1a71bbe
SHA1 hash:
13b85a5f446a7c8232f08f58e4f59b7af01621a8
Link:
https://www.unpac.me/results/1a231b76-37a2-426e-b96f-4fb18b21c1d7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Cryptor
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:IPPort_combo_mem
Create hunting rule
Author:James_inthe_box
Description:IP and port combo
Rule name:win_younglotus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/116751/

Comments