MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ff8aa2e44c022e4876cc1ecbdb46aec2e790a36bcadcadeca059ad62593370d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Glupteba
Vendor detections: 4

SHA256 hash: 7ff8aa2e44c022e4876cc1ecbdb46aec2e790a36bcadcadeca059ad62593370d
SHA3-384 hash: e670d5f3d55a3d89e64755b384314b42cf26fec2561c5dcfa7986791018adfdb35c487d8db09ccc33cd236408338f6c9
SHA1 hash: 551cd45da3107888dcacccf2e82d197be6cd8858
MD5 hash: 54e3ef44c531c68051c95a1a5bc3cbed
humanhash: failed-floor-jupiter-avocado
File name: SecuriteInfo.com.Artemis54E3EF44C531.6042
Signature: Glupteba
File size: 3'981'312 bytes
First seen: 2020-05-19 16:56:00 UTC
Last seen: 2020-05-19 17:38:17 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: cad2761c7464465417997664a13512db (1 x Gozi, 1 x Glupteba)
ssdeep: 98304:Mt0EC09BvT/3CHf3To2bTaZZ4FWC6XcdVyFtd4O+00QOl:Mjj3CjrTr76Xcbetd4O90QO
Threatray: 42 similar samples on MalwareBazaar
TLSH: 070633C5F7C3A479EC4B407590E67EA5A4A89B31E347C883A3E91B1F7F207E057A5206
Reporter: SecuriteInfoCom
Tags: Glupteba
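The hashes, file size and file type above are the sample's primary indicators. The Python script below is an added example and is not part of the MalwareBazaar page or its tooling: it hashes a buffer with the same four algorithms the entry lists (MD5, SHA1, SHA256, SHA3-384), checks the declared size, confirms the MZ/PE layout that the "Executable exe" and "application/x-dosexec" fields describe, and reports which indicators match. The `DEMO_PE` bytes are constructed here to exercise the checks and are not the sample. imphash, ssdeep and TLSH need third-party libraries (pefile, ssdeep, py-tlsh) and are left out.

```python
import hashlib
import sys

# Indicators copied from the MalwareBazaar entry above for this sample.
SAMPLE_IOCS = {
    "md5": "54e3ef44c531c68051c95a1a5bc3cbed",
    "sha1": "551cd45da3107888dcacccf2e82d197be6cd8858",
    "sha256": "7ff8aa2e44c022e4876cc1ecbdb46aec2e790a36bcadcadeca059ad62593370d",
    "sha3_384": (
        "e670d5f3d55a3d89e64755b384314b42cf26fec2561c5dcfa7986791018adfdb"
        "35c487d8db09ccc33cd236408338f6c9"
    ),
}
SAMPLE_SIZE = 3_981_312  # "File size: 3'981'312 bytes" on the page

HASH_ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")

# Constructed stand-in for a PE file: a DOS header whose e_lfanew field
# (offset 0x3c) points at a "PE\0\0" signature. It is NOT the malware sample.
DEMO_PE = (
    b"MZ" + b"\x00" * 58 + (0x40).to_bytes(4, "little")
    + b"PE\x00\x00" + b"\x00" * 16
)


def hash_bytes(data, algorithms=HASH_ALGORITHMS):
    """Return {algorithm: hex digest} for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in algorithms}


def is_pe(data):
    """True if data has a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def match_iocs(data, iocs=SAMPLE_IOCS, expected_size=SAMPLE_SIZE):
    """Compare a buffer against the hash and size indicators.

    Returns the sorted list of indicator names that matched; an empty list
    means the buffer is not this sample (or at least not byte-identical).
    """
    digests = hash_bytes(data, tuple(iocs))
    matched = {name for name, value in iocs.items() if digests[name] == value.lower()}
    if expected_size is not None and len(data) == expected_size:
        matched.add("size")
    return sorted(matched)


if __name__ == "__main__":
    # Usage: python check_sample.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        kind = "PE" if is_pe(blob) else "not PE"
        print(f"{path}: {kind}, matching indicators: {match_iocs(blob) or 'none'}")
```

A cryptographic-hash match is exact: a single-byte difference (a repacked or re-signed build) yields no match at all, which is why the entry also carries imphash, ssdeep and TLSH for similarity matching.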

Intelligence

File Origin
# of uploads: 2
# of downloads: 1'238
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Gozi
Status: Malicious
First seen: 2020-05-19 11:58:24 UTC
File Type: PE (Exe)
Extracted files: 32
AV detection: 28 of 31 (90.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: discovery evasion persistence trojan

Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
GoLang User-Agent
Suspicious behavior: LoadsDriver
Drops file in Windows directory
Modifies service
Adds Run key to start application
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Windows security modification
Drops file in Drivers directory
Executes dropped EXE
Modifies Windows Firewall
Modifies boot configuration data using bcdedit
Suspicious use of NtCreateUserProcessOtherParentProcess
Windows security bypass
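The behaviour tags above are sandbox observations, and most of them map directly onto host telemetry a defender already collects. The script below is an added example, not code from MalwareBazaar or from the sandbox that produced the tags: it expresses a subset of the listed behaviours (scheduled task creation, Run key persistence, bcdedit, firewall changes via netsh, service and HKEY_USERS registry changes, files dropped into the drivers directory, driver loads) as rules over Sysmon-style events and reports which tags fire. The event records are constructed to exercise the rules and are not telemetry from this sample; the tag-to-telemetry mapping, the field names and the narrowing of "LoadsDriver" to unsigned driver loads are my own assumptions.

```python
import re

# Constructed Sysmon-style events (event ID 1 process create, 6 driver load,
# 11 file create, 13 registry value set). They exist only to exercise the
# rules below and are not telemetry from the Glupteba sample on this page.
SAMPLE_EVENTS = [
    {"id": 1, "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks /create /tn "Updater" /tr "C:\Users\Public\app.exe" /sc onlogon /rl highest'},
    {"id": 13, "image": r"C:\Users\Public\app.exe",
     "target": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\app"},
    {"id": 1, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmd": "bcdedit /set {current} testsigning on"},
    {"id": 1, "image": r"C:\Windows\System32\netsh.exe",
     "cmd": r"netsh advfirewall firewall add rule name=app dir=in action=allow program=C:\Users\Public\app.exe"},
    {"id": 13, "image": r"C:\Users\Public\app.exe",
     "target": r"HKLM\System\CurrentControlSet\Services\dropped\ImagePath"},
    {"id": 11, "image": r"C:\Users\Public\app.exe",
     "target": r"C:\Windows\System32\drivers\dropped.sys"},
    {"id": 6, "image": r"C:\Windows\System32\drivers\dropped.sys", "signed": False},
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe", "cmd": "notepad.exe readme.txt"},  # benign
]


def _image_is(event, name):
    """Match on the executable name only; the directory is attacker-controlled."""
    return event.get("image", "").lower().endswith("\\" + name)


def _cmd_has(event, pattern):
    return re.search(pattern, event.get("cmd", ""), re.IGNORECASE) is not None


def _reg_target(event, pattern):
    return event.get("id") == 13 and re.search(pattern, event.get("target", ""), re.IGNORECASE) is not None


# Behaviour tag (wording taken from the page) -> predicate over one event.
RULES = {
    "Creates scheduled task(s)":
        lambda e: e.get("id") == 1 and _image_is(e, "schtasks.exe") and _cmd_has(e, r"/create\b"),
    "Adds Run key to start application":
        lambda e: _reg_target(e, r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    "Modifies data under HKEY_USERS":
        lambda e: _reg_target(e, r"^HKU\\"),
    "Modifies boot configuration data using bcdedit":
        lambda e: e.get("id") == 1 and _image_is(e, "bcdedit.exe") and _cmd_has(e, r"\s/(set|delete|import)\b"),
    "Modifies Windows Firewall":
        lambda e: e.get("id") == 1 and _image_is(e, "netsh.exe") and _cmd_has(e, r"\b(adv)?firewall\b"),
    "Modifies service":
        lambda e: _reg_target(e, r"\\System\\CurrentControlSet\\Services\\[^\\]+\\"),
    "Drops file in Drivers directory":
        lambda e: e.get("id") == 11
        and e.get("target", "").lower().startswith("c:\\windows\\system32\\drivers\\"),
    # Assumption: the sandbox tag covers any driver load; here it is narrowed
    # to unsigned images so a clean host does not fire on every boot.
    "Suspicious behavior: LoadsDriver":
        lambda e: e.get("id") == 6 and not e.get("signed", True),
}


def detect(events, rules=RULES):
    """Return [(behaviour_tag, event)] for every event that satisfies a rule."""
    hits = []
    for event in events:
        for tag, rule in rules.items():
            if rule(event):
                hits.append((tag, event))
    return hits


def triggered_tags(events, rules=RULES):
    """Sorted, de-duplicated list of behaviour tags seen across the events."""
    return sorted({tag for tag, _ in detect(events, rules)})


if __name__ == "__main__":
    for tag, event in detect(SAMPLE_EVENTS):
        print(f"{tag:50s} <- event {event['id']} {event['image']}")
```

Several of these tags (scheduled tasks, Run keys, service changes) also fire on legitimate installers; the combination with a driver dropped into System32\drivers, a bcdedit change and a firewall exception from the same process chain is what makes the set worth alerting on rather than any single rule.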

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Signature: Glupteba
File type: Executable exe
SHA256 hash: 7ff8aa2e44c022e4876cc1ecbdb46aec2e790a36bcadcadeca059ad62593370d (this sample)
