MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d01b8b119b5a8ddd5592be94172f9c2a0aa096cbe9022fcd8c9f4e49f7b4215. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Drolnux


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d01b8b119b5a8ddd5592be94172f9c2a0aa096cbe9022fcd8c9f4e49f7b4215
SHA3-384 hash: 89cbbc42ff2dace442941bfe9457e8d33b2e972578aae3bb4f935c29bb2e412b89223101e0b581b176e15f515cc873df
SHA1 hash: 930767200ee0c5ac1cf441ecfeaea728061eb0ad
MD5 hash: 9d75e38a1ae1c118632adc73033b7551
humanhash: romeo-fish-november-potato
File name:6d01b8b119b5a8ddd5592be94172f9c2a0aa096cbe9022fcd8c9f4e49f7b4215
Download: download sample
Signature Drolnux
Create hunting rule
File size:491'628 bytes
First seen:2020-11-07 20:04:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a6083e536d6342c425a7dad4bdc72272 (67 x Drolnux)
ssdeep 12288:ZXAWnR7H5UXGxPbSKpkImDbGrB3DowWwZZssCh:RRlU2xPbS4yDKl3DHPDy
Threatray 33 similar samples on MalwareBazaar
TLSH 8FA4BE44AEC2C1E7C53EA0B658D4BA4B3198E474BDA0F7FBE0102A4EDA56D934EC70D5
Reporter seifreed
Tags:Drolnux

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
DNS request
Sending an HTTP GET request
Setting a keyboard event handler
Creating a file
Launching a process
Creating a process with a hidden window
Sending an HTTP GET request to an infection source
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d01b8b119b5a8ddd5592be94172f9c2a0aa096cbe9022fcd8c9f4e49f7b4215/
Gathering data
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=nua3rmizwwun3vkzfpuuc4xzykqkuclmx2icf7gyzh2ojh33iikq._file
Verdict:
malicious
Similar samples:
207e2b4a9e958c083d45db73557e706fbd45b5cc8d24ddaee45cbb562193ed13
Drolnux
3a16c35b4f5b5312fa59c3a52af7be3ee063f306687df05f304747e6d0ead141
Drolnux
3bc37efea6fe6a138a055cad0b0043443bca944a4f69c24cebc177bcb0cc3cf0
Drolnux
7b7d8033c748ec5df4661bb07ba4829a6398763ba4d8d668c3fbc389ccbc454f
Drolnux
80251c02d6661dd5db4cb2d65e52ff66b9abd48d717106ff0df3ad75f343c7f8
Drolnux
8b999e65e0d50fd82d11e0dc59e92f46485cd87d5b931b134d890a038dddf927
Drolnux
aa6034f866e0345f7cea6a6e519785dcd7dac83d369031e30562b470f5c98ff8
Drolnux
acf48b6325bfa159abe2a25c35ecf82bd94b6170d7687e4a1ff51ffd2c818f75
Drolnux
c91dfe14fe684a707a7f436e0fec7f4c263ef16d851e41728eba7b4aff1d4b57
Drolnux
efe2c7609b02b8e0adf87b410065a3f6d4c0071fdc9c9b08719e0e62b25d96eb
Drolnux
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201108-k5y95ljypa/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Embedded_PE
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments