MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 689e78e744989b2fe56816e06b78aeab3f23d596228e77fe75b5cac9af166c8a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 689e78e744989b2fe56816e06b78aeab3f23d596228e77fe75b5cac9af166c8a
SHA3-384 hash: 8044e2385902ac459893d08d92bea9144ee4a483825ad808b2783004ea4284454d34242eb4befa72f00b473ae6f399f6
SHA1 hash: a7b492aedd5d471088cb2de69ea6444e469c716b
MD5 hash: 3deea640ae65a0709a15761321a3dec7
humanhash: alabama-july-lion-nineteen
File name:689e78e744989b2fe56816e06b78aeab3f23d596228e77fe75b5cac9af166c8a
Download: download sample
File size:491'224 bytes
First seen:2020-11-07 22:28:09 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a6083e536d6342c425a7dad4bdc72272 (67 x Drolnux)
ssdeep 12288:XZx5xmSfXnHo0LEb66c9L9UB45ZZCzPp3t:pTvvxet
Threatray 33 similar samples on MalwareBazaar
TLSH 63A4AF00A67A8A64EF4D417E6A450F06D3BB5DC49B1DC6EEDF05789B26B37C3C0920DA
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
118
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Packedent-6872289-0
Create hunting rule

Win.Worm.Drolnux-9786612-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
DNS request
Sending an HTTP GET request
Setting a keyboard event handler
Creating a file
Launching a process
Creating a process with a hidden window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Sending an HTTP GET request to an infection source
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/689e78e744989b2fe56816e06b78aeab3f23d596228e77fe75b5cac9af166c8a/
Threat name:
Win32.Worm.Drolnux
Create hunting rule
Status:
Malicious
First seen:
2020-11-07 22:38:16 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0dc943629e8ac7053963406edcda14ffd7a8835cb6dfb4b925f21f7dad68551c
18fa82d38a0dbdae165857f430d11ea8bc1a30baa672570a801de18ec4ceda8c
3a32caec3609063b23a74919893f3aab134f339c7fa16ea4300355703c9c6443
55530945ae1c5c43fda07f742c5dfe13f8392f332241adb40cd95b77e6fa901f
55c247b1b57210ec81227253aa1e00761422f5ae54713fca7cf3ab45c8e404b1
6c203d576243949d311db24aac7b979c2ec946a334c455e6869ca28b7f15b481
8b999e65e0d50fd82d11e0dc59e92f46485cd87d5b931b134d890a038dddf927
aa6034f866e0345f7cea6a6e519785dcd7dac83d369031e30562b470f5c98ff8
c91dfe14fe684a707a7f436e0fec7f4c263ef16d851e41728eba7b4aff1d4b57
f40314a4c56831c08fe64721eb42a7ce52a08b25d6722343e8365327be940483
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201108-ly4trb9v4x/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments