MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6812d44b05455b4503ffa118b62d3810304f3867b528042985dc6ebc834ebdfc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Vilsel


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6812d44b05455b4503ffa118b62d3810304f3867b528042985dc6ebc834ebdfc
SHA3-384 hash: 9a144226dbbcadea52ebc60e40fffef48c59ee1c5ffec609740ca13a2b38dca71016091eb0b853088328422bb4a1166e
SHA1 hash: b0657be2ab1ff75c8f36d99cba30fa7cf1649ff2
MD5 hash: 620c8741401d694feb46541912f43a9c
humanhash: robin-winner-mockingbird-april
File name:620c8741401d694feb46541912f43a9c
Download: download sample
Signature Vilsel
Create hunting rule
File size:74'174 bytes
First seen:2020-11-17 11:28:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1639b1e17656fed4f63bac94cbb79cec (17 x Vilsel)
ssdeep 384:i6wayA+1mwnA353BXR+oGfP5d/ZBHXME+l93qPAqee/w6yJ/wWD+S83BXR+oGf2T:ipQNwC3BEddsEqOt/hyJF+x3BEJwRr+A
Threatray 4'947 similar samples on MalwareBazaar
TLSH D173D643B752C680F5496179688387A96793FD71AE037A075160FF3F3AB39A04E91F22
Reporter seifreed
Tags:Vilsel

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Vilsel-4621
Create hunting rule

Win.Trojan.Vilsel-4622
Create hunting rule

Win.Malware.Vilsel-6804257-0
Create hunting rule

Win.Malware.Genpack-6989317-0
Create hunting rule

Win.Dropper.Razy-7605528-0
Create hunting rule

Win.Trojan.VB-61415
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Enabling the 'hidden' option for recently created files
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Moving a recently created file
Replacing files
Deleting a recently created file
Searching for the window
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the Program Files directory
Creating a file in the Program Files subdirectories
Creating a file in the Windows directory
Creating a file in the Windows subdirectories
Changing the Windows explorer settings to hide files extension
Changing the Windows explorer settings
Blocking a possibility to launch for the Windows registry editor (regedit.exe)
Enabling a "Do not show hidden files" option
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6812d44b05455b4503ffa118b62d3810304f3867b528042985dc6ebc834ebdfc/
Threat name:
Win32.Virus.Lamechi
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 19:51:01 UTC
AV detection:
28 of 29 (96.55%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
08e12f6b9796ad1f47062ea86ec73c496028660f61a9917008cce9004fb1d48b
Vilsel
0e25e4a05fadbcb038a39f2f0101f46cb1f9e9bad53d83dd786e161640284dce
Vilsel
117cf73273768bafb736f30cfc3c84d3f4b832c49ea83e8473239fef15c82ad0
Vilsel
37d111896ff48857ffcc00b910beff5e79262aa5097eb786fa013ca479db9571
Vilsel
58c686ae386e71180a0e0544c536e33d1348ab5dd9e7102dc250302f1d721fa6
Vilsel
603b8b4a8d2fedea549b4f06b345da9234a06ceab9366175c8de484df155a2b9
Vilsel
6c094a18d2ab75c95ffc39399cece2eebdb8064f91cec40226be037fb20f64d9
Vilsel
819213dcbaba4adab07064fb70f88e4a73f15294635ac0291d5809610151a92f
Vilsel
8220a8c4adb4f8132d5586dac58766a76c873d3eba42e0f0c2c772a60f9a04be
Vilsel
915f3a6a61a8b1762e2c3ff539743ffe20de1caea2ee071d2e3f2c084532dcca
Vilsel
+ 4'937 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion
Link:
https://tria.ge/reports/201117-8p8np5parn/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
Drops file in Program Files directory
Drops file in Windows directory
Loads dropped DLL
Disables RegEdit via registry modification
Executes dropped EXE
Modifies visibility of file extensions in Explorer
Unpacked files
SH256 hash:
6812d44b05455b4503ffa118b62d3810304f3867b528042985dc6ebc834ebdfc
MD5 hash:
620c8741401d694feb46541912f43a9c
SHA1 hash:
b0657be2ab1ff75c8f36d99cba30fa7cf1649ff2
Link:
https://www.unpac.me/results/dd6af86f-06c0-4a93-b45e-406e2ea88251/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments