MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6e6701b9412bd1434570be69197b6ac9b962b98baab380637e212f36c1e20986. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6e6701b9412bd1434570be69197b6ac9b962b98baab380637e212f36c1e20986
SHA3-384 hash: 961737f7ec0e5d7fb4660e1a956245c6a613ea3eb328486076e8c2edf2e037d299acf7392ce72bf04c281d160b9baab4
SHA1 hash: c23a447aa123c146be1bae311b161680d3feed56
MD5 hash: 3bde278d11155b10eb91778ed1cee0e4
humanhash: floor-cat-beer-vegan
File name: a0901148e63e9cbe729dfd4e8f667d5f
File size: 1'036'289 bytes
First seen: 2020-11-17 12:23:02 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash fb1256fab57d2dfd02791ec2cff51231
ssdeep 24576:MEn3BTfO8xzLq4OT6FIvjoa/ZSL77Lv+f6T8E:3G8NnOVvjogwbD
Threatray 35 similar samples on MalwareBazaar
TLSH 5425CF0833BA15D7C83641BFE86EE97F4155697CB7B3C3A13289B1DB78213C29606762
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
DNS request
Sending a custom TCP request
Creating a file
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 12:30:09 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Legitimate hosting services abused for malware hosting/C2
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash: 6e6701b9412bd1434570be69197b6ac9b962b98baab380637e212f36c1e20986
MD5 hash: 3bde278d11155b10eb91778ed1cee0e4
SHA1 hash: c23a447aa123c146be1bae311b161680d3feed56

SHA256 hash: 23a5f8d2a6854751b4ef7c989d0d40dbc8f8cfb9096fcd032ba9d2e31a4c6ca1
MD5 hash: 2d241d2653806baf7ea827900ff7790b
SHA1 hash: 6171ae228c797d5cf05adf0729d58a7cfc460216
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
