MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e41bf3313b1f633bebccfcbc0440b35d84b154eb4d1462385aaa82e0093de73. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7e41bf3313b1f633bebccfcbc0440b35d84b154eb4d1462385aaa82e0093de73
SHA3-384 hash: 185cf9e365f36ffaa0eeac1a4a1663b6a1cea50ec3fef63f4b3965d2fc45a3891b64346d7bb4c35b83d78000544e9168
SHA1 hash: 32b1c6dbd2f3ebb3c8acaee121fbf5a0b8d03e08
MD5 hash: 227da511d6e03d33bb9e1cbf18f957c8
humanhash: steak-romeo-six-nebraska
File name:lv.exe
Download: download sample
File size:372'736 bytes
First seen:2021-06-04 00:59:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 54bdb0f44e9d5628a234fe66c31a1617 (7 x RedLineStealer, 6 x RaccoonStealer, 4 x Stop)
ssdeep 6144:zFlTIYr7JWTVUh72MR0XxhkvuOU8wGNIR2F4yMiLv7GYBhat:zFBIM4TVUh7cxhOp+eIQdLDm
Threatray 141 similar samples on MalwareBazaar
TLSH A5847D00A7B0D034F6F212B44A7592BB952D7DA17B2451CB22D62BEE7675EE0AD30F07
Reporter adm1n_usa32
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
lv.exe
Verdict:
Malicious activity
Analysis date:
2021-06-04 00:57:38 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/88bae9a5-aa26-43a1-a2ea-0585b23216b2

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/164518/
Detection(s):
Win.Malware.Generic-9868195-0
Create hunting rule

Win.Malware.Generic-9868256-0
Create hunting rule

Win.Malware.Generic-9868265-0
Create hunting rule

Win.Packed.Pwsx-9868520-0
Create hunting rule

Win.Malware.Pwsx-9868521-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a window
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/797043
Signature
Delayed program exit found
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7e41bf3313b1f633bebccfcbc0440b35d84b154eb4d1462385aaa82e0093de73/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2021-06-02 21:47:55 UTC
File Type:
PE (Exe)
Extracted files:
36
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
1bf9a15445a908fdcd7d4a5a0584678a1efb086d1eccbf0ae60393f6be208919
35ff264d4f296b3fcf8a4a86cbda7246e73862e99e35b71bbd2499d9028024b3
6f6a28c56adaaf83617deac4c89e060074b14697872ffcbce53c72cd5cf5a3b5
8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
c06a0e78bbdb7eb777ee46932da052fc2bc4efc2987e63bad29d2177cdcb7cb4
c5abf55b0591c96c64316cef1b7c5124f3b7ab3d05bc75ab80ae17c53d01dc72
e9da1da3a4fb2050b9b17f5dbb1dd5f334f22637fc8186052d152cc631839f9b
fa83c0bb710987cdf1c5ed15400d938bc818d20c34af9e96e8cd99fc2ac3a172
fb5d2b6d9ec1b9c07e64f6b9eb148099f0b43d58dc867102c02b16a9a9152022
fc2a8472021c1f37e7ba14fd51259d37d10bd030ecd33134ebf42d3279ab860a
+ 131 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210604-5rm8lb46rn/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
cae2af36f866fed9753ecc423bf1cfb3d1b5f2c3179dddc1715d6c896812d669
MD5 hash:
0fcc3d7408dfb7b31d8e36982dab298c
SHA1 hash:
6ebe13e8565ab5cfc7f8eac8973c156531b2a1e2
Link:
https://www.unpac.me/results/31725169-6705-441d-a2e0-8d31421ee5e9/
SH256 hash:
7e41bf3313b1f633bebccfcbc0440b35d84b154eb4d1462385aaa82e0093de73
MD5 hash:
227da511d6e03d33bb9e1cbf18f957c8
SHA1 hash:
32b1c6dbd2f3ebb3c8acaee121fbf5a0b8d03e08
Link:
https://www.unpac.me/results/31725169-6705-441d-a2e0-8d31421ee5e9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7e41bf3313b1f633bebccfcbc0440b35d84b154eb4d1462385aaa82e0093de73

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7e41bf3313b1f633bebccfcbc0440b35d84b154eb4d1462385aaa82e0093de73

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1321161/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/164518/

Comments