MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c203d576243949d311db24aac7b979c2ec946a334c455e6869ca28b7f15b481. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6c203d576243949d311db24aac7b979c2ec946a334c455e6869ca28b7f15b481
SHA3-384 hash: 5094fb4de7afdbee944335f8e7a50880ac18b61c4f2017d3b7650b9138da5c0be558963ed02422075e0dd57d7b5b420c
SHA1 hash: 83dc7045c0a02ab99ece341bf1d1c4286899e0d0
MD5 hash: 165b03302cf5b2b55941c39918fb852d
humanhash: autumn-arizona-failed-juliet
File name: 6c203d576243949d311db24aac7b979c2ec946a334c455e6869ca28b7f15b481
File size: 477'247 bytes
First seen: 2020-11-07 19:30:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a6083e536d6342c425a7dad4bdc72272 (67 x Drolnux)
ssdeep: 12288:Nc+j9DoGCdQRQxTQcodbCF8X+hokfmpQLyqvBNTUB4em2zaxuR:Nvj9DoGaIIj2za6
Threatray: 33 similar samples on MalwareBazaar
TLSH: 49A4AE60BB3F0C94FB5941FCADA39296C625AD8DC9981EF45D9EF40495E60A091F033F
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching a process
Creating a process with a hidden window
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
DNS request
Sending an HTTP GET request
Setting a keyboard event handler
Sending an HTTP GET request to an infection source
Enabling autorun by creating a file
Threat name: Win32.Worm.Drolnux
Status: Malicious
First seen: 2020-11-07 19:39:16 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence, spyware
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments