MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 76576816115e7934992e15abe252c6904835d10051382b0eb56abe42f4d94d54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 3
| SHA256 hash: | 76576816115e7934992e15abe252c6904835d10051382b0eb56abe42f4d94d54 |
|---|---|
| SHA3-384 hash: | 9a9f75e1dca0fca157be17e368d4c51c791678ac1b121b40490f320e27c7f9b4b24daca7562e553ae8dcb690c9c9d5c4 |
| SHA1 hash: | 9854433c46c90e2d020a2429f66113354fe82af9 |
| MD5 hash: | a063641485b6f3cfca29a0e8760b08aa |
| humanhash: | high-violet-timing-blossom |
| File name: | a063641485b6f3cfca29a0e8760b08aa |
| File size: | 385'026 bytes |
| First seen: | 2020-11-17 12:46:27 UTC |
| Last seen: | Never |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash | b71ae52e8715ee7bfaa0c9df227db54a |
| ssdeep | 6144:YIvRDXxjMz39388+QAMfnRt+Gf0W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:jJDhj23C8+Q7fRAc0npM4dl0v5JF |
| Threatray | 41 similar samples on MalwareBazaar |
| TLSH | 3684CF83329C9E6EC97C37733CB9B208A482E9166DB7710F29A8875BC442DF795C7251 |
| Reporter |
Intelligence
File Origin
Number of uploads: 1
Number of downloads: 67
Origin country: n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-08 06:25:53 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Verdict: suspicious
Similar samples: + 31 additional samples on MalwareBazaar
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method: Other