MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e5a7fcf8c27fb801d08efe579582948fea2eb62f2edf9669350c50eaa91ed71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6e5a7fcf8c27fb801d08efe579582948fea2eb62f2edf9669350c50eaa91ed71
SHA3-384 hash: a6919ff54088a01ffcdb089aa0f6131f481778352751b9a4e8afa2eedacba2ad9c789adb5831d714bbe266aea1f8f1ce
SHA1 hash: bf13554579f3a1790d38c340803b7a7435af19b0
MD5 hash: e4dc1316bde5f058c3eaf297a378f07e
humanhash: glucose-hotel-golf-pip
File name:e4dc1316bde5f058c3eaf297a378f07e
Download: download sample
File size:2'581'504 bytes
First seen:2021-08-01 14:36:06 UTC
Last seen:2021-08-01 15:38:42 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f6e4c27a9632149744d004de67a6dd3e
ssdeep 24576:vIt5+bgJZt6Ay6hHW3BfIOcqCqxEclEappvNo6JOyRyjIm5h/29xNkXt/94IFi1s:8kgAADhHW9PcrclEIrRKmnksR0DfM
Threatray 3'834 similar samples on MalwareBazaar
TLSH T1ADC533C38D9D35BBF65D63BC7EAE7B842E0F7427214802C9663867E069534988EE504F
dhash icon 70c492d878f0c4cc
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
723
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
e4dc1316bde5f058c3eaf297a378f07e
Verdict:
Suspicious activity
Analysis date:
2021-08-01 14:39:47 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/223f2758-ef4d-4bd9-8b5b-6da1c9c67d4f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/175574/
Detection(s):
SecuriteInfo.com.Variant.Bulz.535484.1680.5783.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process with a hidden window
Creating a window
Launching a process
DNS request
Connection attempt
Sending an HTTP POST request
Sending a UDP request
Launching the process to interact with network services
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/a31cec7e-9c80-46f1-8f93-7a5f9dc3bd1e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/825103
Signature
Antivirus / Scanner detection for submitted sample
Detected unpacking (creates a PE file in dynamic memory)
Disables security and backup related services
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6e5a7fcf8c27fb801d08efe579582948fea2eb62f2edf9669350c50eaa91ed71/
Threat name:
Win32.Trojan.Bulz
Create hunting rule
Status:
Malicious
First seen:
2021-07-28 02:46:00 UTC
AV detection:
20 of 46 (43.48%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
0d98ef822b6cd26f7d02dd38cfc5d1f3087a9440de59c3ee124e1178450de8e9
2c00e86dbb2ac6b2b8cb19ab454068bb8621c8f2069535451b5794896793a610
4d965e25bfdf3de92df7125c4d5fd541ecf042ec6060ae9a109e41bf5d01a28c
50980f7243ee469beb4013660e4facdab431e29a2de6646c004621144a6d8648
554280d027e0ca9fac59307569a6352f04371cb55b35301b0a9432069ffc82c3
622c975af170d0e11dba95b052f6ea0f992267650809ab9e3b4e22f2ccc32e97
6c827d61cbe6d4b9c2851c1c234353265188e805cc27ebe195b9133e1f8fcc80
710f00304004fe991c085c99ef5f98558bb5ef145aa5c0855ce2c0e091aa4743
f3f540378e07c4686e0d910a8e98285469e360415844f97f0bbbce295c2142b6
+ 3'824 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210801-ak17xghave/
Behaviour
Enumerates system info in registry
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
b94c2b4feb185d99c8c17c0191018de8bb83ead4b4e90a4f8331ab51ed3733d7
MD5 hash:
0cb6754a3297bd414aea95b497b6b882
SHA1 hash:
5083c372f669326d02f437710096cdaceb2d2781
Link:
https://www.unpac.me/results/cc580d6c-4865-45b7-ac81-ec1c3acb74aa/
SH256 hash:
6e5a7fcf8c27fb801d08efe579582948fea2eb62f2edf9669350c50eaa91ed71
MD5 hash:
e4dc1316bde5f058c3eaf297a378f07e
SHA1 hash:
bf13554579f3a1790d38c340803b7a7435af19b0
Link:
https://www.unpac.me/results/cc580d6c-4865-45b7-ac81-ec1c3acb74aa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/6e5a7fcf8c27fb801d08efe579582948fea2eb62f2edf9669350c50eaa91ed71

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6e5a7fcf8c27fb801d08efe579582948fea2eb62f2edf9669350c50eaa91ed71

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1497748/
Cape
Cape
https://www.capesandbox.com/analysis/175574/

Comments


Avatar
zbet commented on 2021-08-01 14:36:07 UTC

url : hxxp://www.dacui.online/download/update/ly%E7%99%BB%E9%99%86%E5%99%A82021.exe