MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YoungLotus


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7
SHA3-384 hash: bad575bbab78ce140e801d0d60f92adb55ec7cfde8e63e72cc53b501a4786421519ed2f6cd410f0b0f535542fe14e6be
SHA1 hash: d38da9f2e22df5d72488b00e3865e32df655bb56
MD5 hash: b39ec795237847c3f080eb45d146edb3
humanhash: sodium-ten-mockingbird-triple
File name:curllib.dll
Download: download sample
Signature YoungLotus
Create hunting rule
File size:611'840 bytes
First seen:2021-02-12 10:29:16 UTC
Last seen:2021-02-12 13:04:02 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 5c087b7e58586268ce09b21d19f91e7b (1 x YoungLotus)
ssdeep 6144:sRmMcRAk9JtqbLxVT0erlR+GjiigPZe/5eUsxaQh3kVQAQA/w8:sRmFRAk97qdSerlRZihBe/XwN9ke4w8
Threatray 6 similar samples on MalwareBazaar
TLSH 4AD48D02ABC140BED57A26359C75B6711EBCB9313B2B878B1798067B5E701D19E30B2F
Reporter r3dbU7z
Tags:dll younglotus

Intelligence

File Origin
# of uploads :
2
# of downloads :
126
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116911/
Detection(s):
SecuriteInfo.com.Variant.Johnnie.245179.31008.24448.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/606672
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 352368 Sample: curllib.dll Startdate: 12/02/2021 Architecture: WINDOWS Score: 56 23 Antivirus / Scanner detection for submitted sample 2->23 25 Multi AV Scanner detection for submitted file 2->25 6 loaddll32.exe 1 1 2->6         started        9 loaddll32.exe 1 2->9         started        process3 dnsIp4 21 194.113.170.9, 80 VPSQUANUS unknown 6->21 11 rundll32.exe 6->11         started        13 rundll32.exe 6->13         started        15 rundll32.exe 6->15         started        19 17 other processes 6->19 17 conhost.exe 9->17         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7/
Threat name:
Win32.Trojan.Siscos
Create hunting rule
Status:
Malicious
First seen:
2020-05-07 01:30:21 UTC
AV detection:
17 of 31 (54.84%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oum6zseikthzny3j6eicip7mi357eduncjm77lxan34gl5m2hktq._file
Verdict:
malicious
Similar samples:
013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
YoungLotus
5bfa97b6f9a50bd8062d57b59590dfc0ae18b2b810d102e41c40042a253b8168
YoungLotus
66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b
YoungLotus
9f1052a754dc0ff5aa1689b68581b845996b9ee8cb94d4382ceebb0dfbaa0231
YoungLotus
b2fb16cdb1700f495f93d93ff1ec622581c0e829f617932767cd926dbaee6d76
YoungLotus
b65776ee765163d76689852aa6e04a614663c762a2ffca103f5faa4cdb5759fd
YoungLotus
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210212-krm92dqqf2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
448a7c23ef214047b78a45504d8e90c66f88a06c7c6ae6994de76c1ea86e73cc
MD5 hash:
764ce39378bdb778a1e72db11f23d556
SHA1 hash:
bcc632174d7d837d239707e5f5eff44a9876b287
Detections:
win_younglotus_g0
Create hunting rule
win_younglotus_auto
Create hunting rule
Link:
https://www.unpac.me/results/25c7d501-2197-464a-b1ec-b536fb8b64b7/
Parent samples :
1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42
b65776ee765163d76689852aa6e04a614663c762a2ffca103f5faa4cdb5759fd
b2fb16cdb1700f495f93d93ff1ec622581c0e829f617932767cd926dbaee6d76
5bfa97b6f9a50bd8062d57b59590dfc0ae18b2b810d102e41c40042a253b8168
7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7
fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa
SH256 hash:
7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7
MD5 hash:
b39ec795237847c3f080eb45d146edb3
SHA1 hash:
d38da9f2e22df5d72488b00e3865e32df655bb56
Link:
https://www.unpac.me/results/25c7d501-2197-464a-b1ec-b536fb8b64b7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_younglotus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/116911/

Comments