MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 7e2a64b1518d22cdb493edbbbde9d69d3e81c2c4da3fc8bd3defd931b989ba8c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
YoungLotus
Vendor detections: 7
| Field | Value |
|---|---|
| SHA256 hash: | 7e2a64b1518d22cdb493edbbbde9d69d3e81c2c4da3fc8bd3defd931b989ba8c |
| SHA3-384 hash: | cf72d07ae2cc69d5adf8ad084099e772424dea7957a892eb600da2442a4851a194aeddcabc35b9a2a9acda6289e73d94 |
| SHA1 hash: | 2fedf0e6524abb785897667b8be852df810d15d4 |
| MD5 hash: | 5c2c312c218ccfa377a60d137f1b23a6 |
| humanhash: | potato-jupiter-cold-eighteen |
| File name: | 马尼拉公厕碎尸女教师!只因不愿做校长情人.cmd |
| Download: | download sample |
| Signature: | YoungLotus |
| File size: | 1'470'464 bytes |
| First seen: | 2021-09-22 00:56:12 UTC |
| Last seen: | 2021-09-22 20:54:48 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | e2afc946bb1a7942e18b4d1a8f444ebd (9 x YoungLotus, 2 x Nitol) |
| ssdeep: | 24576:RfnAFlGkI9i7sAVsbFoaHAThny4U5Ep9SO5+2BgiqinuKhLJWkI:FnIAkIAsAVmHetxPrdnuKhLP |
| Threatray: | 35 similar samples on MalwareBazaar |
| TLSH: | T144656B57BFEE8C71D27A1530045A52FC54B6A8313F61C1E723B8BA6EE9713C29927702 |
| File icon (PE): | |
| dhash icon: | 00bebe8cac3432e0 (2 x YoungLotus) |
| Reporter: | Anonymous |
| Tags: | exe test younglotus |
Anonymous: this malware sample is very nasty!

Intelligence
File Origin
| Field | Value |
|---|---|
| # of uploads: | 3 |
| # of downloads: | 220 |
| Origin country: | n/a |
Vendor Threat Intelligence
| Field | Value |
|---|---|
| Malware family: | n/a |
| ID: | 1 |
| File name: | 马尼拉公厕碎尸女教师!只因不愿做校长情人.cmd |
| Verdict: | No threats detected |
| Analysis date: | 2021-09-22 00:57:18 UTC |
| Tags: | n/a |
| Note: | ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample |
| Field | Value |
|---|---|
| Verdict: | Malicious |
Result
| Field | Value |
|---|---|
| Threat name: | Unknown |
| Detection: | malicious |
| Classification: | bank.spyw.evad |
| Score: | 60 / 100 |
Signature
- Checks if browser processes are running
- Contains functionality to capture and log keystrokes
- Malicious sample detected (through community Yara rule)
- Tries to evade analysis by execution special instruction which cause usermode exception
Behaviour
| Behavior Graph: | |
| Field | Value |
|---|---|
| Threat name: | Win32.Backdoor.Farfli |
| Status: | Malicious |
| First seen: | 2021-09-22 00:57:09 UTC |
| AV detection: | 20 of 45 (44.44%) |
| Threat level: | 5/5 |
| Detection(s): | Suspicious file |
| Verdict: | malicious |
| Similar samples: | + 25 additional samples on MalwareBazaar |
Result
| Field | Value |
|---|---|
| Malware family: | chinese_generic_botnet |
| Score: | 10/10 |
| Tags: | family:chinese_generic_botnet botnet persistence |
Behaviour
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Drops file in Program Files directory
- Adds Run key to start application
- Enumerates connected drives
- Chinese Botnet Payload
- Generic Chinese Botnet
Unpacked files
| Field | Value |
|---|---|
| SHA256 hash: | b7c9285cdaaef8c8f479f8e8d2f318d4924f14dddd6ccda58b73cedcddaa6404 |
| MD5 hash: | 7bbc49f3d0f8a10e94efa4dd1c84cf94 |
| SHA1 hash: | 66cdabeb120a61f8fe96ca9b6b5a5a3927edde9e |
| Detections: | win_younglotus_auto |

| Field | Value |
|---|---|
| SHA256 hash: | 7e2a64b1518d22cdb493edbbbde9d69d3e81c2c4da3fc8bd3defd931b989ba8c |
| MD5 hash: | 5c2c312c218ccfa377a60d137f1b23a6 |
| SHA1 hash: | 2fedf0e6524abb785897667b8be852df810d15d4 |
Please note that we are no longer able to provide a coverage score for Virus Total.
| Field | Value |
|---|---|
| Threat name: | Suspicious File |
| Score: | 0.45 |
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Context | Value |
|---|---|
| | 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b |
| Dropped by | MD5 68b329da9893e34099c7d8ad5cb9c940 |
| Dropped by | SHA256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b |
| Dropped by | Gozi |
| Delivery method | Distributed via e-mail attachment |