MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38
SHA3-384 hash: e85ddd03bcbcdbe8421ddf2835fbad814d02b549ccb828cb4aa249c921ed977d90bfd88fab5ce5336612e2a0ccf51c0d
SHA1 hash: 43398482bfc3e4e53c5850bf98948c12e4992f39
MD5 hash: 8b356844a3b994cff588a41f44cee34e
humanhash: delaware-undress-fix-vegan
File name:4c837e9256490e2301081570205b26be
Download: download sample
File size:570'880 bytes
First seen:2020-11-17 12:18:06 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 60d34734e6f441a374a9ec39d547cc08 (1 x Smoke Loader)
ssdeep 12288:uaRA1r1NoHkmjgOknURfM1vgM0uaHvC2T9UmUKYE:uaR+1NoHzgpUFUIuaPC2RUmU
Threatray 6 similar samples on MalwareBazaar
TLSH EFC41210B592C972D01E09F14921E650EA7DB9718BB5DEC33368AF5E7F322D22E76312
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Dropper.Glupteba-9789578-0
Create hunting rule

Win.Packed.Emotet-9790742-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a window
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 12:23:48 UTC
AV detection:
27 of 29 (93.10%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
a06a77bd973a602f49aff3fa3a116c62d38f0e0c1842e9dca97531a68d1a3884
a356d92ade4d8d537ea6dfabe765d4cd2ff851faae1d4551b91e50b47aac216f
b99887f1364955d2872bedadab15a15a51429ec8aeb111859d50e24a9fd31342
c84d98524bf72eac034a406063c9d25b3bceb254d3d03f1d68e018320c2fb506
eca5123a9c6fac8fa6d93a9f12ed7009ab816177eeb100e5ff27c3b4ff79d4a2
f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-qhakqs1e3j/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38
MD5 hash:
8b356844a3b994cff588a41f44cee34e
SHA1 hash:
43398482bfc3e4e53c5850bf98948c12e4992f39
Link:
https://www.unpac.me/results/cb41c462-b03b-4e1f-bf73-2a6e124499e8/
SH256 hash:
a356d92ade4d8d537ea6dfabe765d4cd2ff851faae1d4551b91e50b47aac216f
MD5 hash:
cd8ef9620a6b9ca18a6647d977398606
SHA1 hash:
7d9088ec691191f0f681c9d612957e643cc0ad1f
Link:
https://www.unpac.me/results/cb41c462-b03b-4e1f-bf73-2a6e124499e8/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments