MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80635f4e76ece60d333c982dd507169501b59500eb3db074f758b5dd9533a88e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 80635f4e76ece60d333c982dd507169501b59500eb3db074f758b5dd9533a88e
SHA3-384 hash: b0dcc2343a71e21404318762e7efb5d8b6113423a5d1b18b648efbcacf973d00fbfc6b719aa059287dcc849676282c44
SHA1 hash: c62ada5d2073c48cae03dea2e97d097152491cf3
MD5 hash: 17c560801c2613efad3beee7e7fc7c1f
humanhash: march-venus-diet-five
File name:gogogogo.exe
Download: download sample
File size:1'273'344 bytes
First seen:2020-11-05 10:30:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9e5278b0ee977696848799f2a8aa26ae
ssdeep 24576:VDnAf/MnSq8mBBVL+mFTM7SBOPM1TmGWPcYb:VLwjV89+4cScPopkcYb
Threatray 46 similar samples on MalwareBazaar
TLSH 5545AE21F2915833D133EB3F8D2BA7A95826FD522E29D8462BF51E4C1F396817C35293
Reporter abuse_ch
Tags:exe geo TUR ZiraatBank


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: srv1.demspor.com
Sending IP: 31.169.94.221
From: "ZIRAAT BANKAS" <ziraatbank@ileti.ziraatbank.com.tr>
Reply-To: "ZIRAAT BANKAS"<ziraatbank@ileti.ziraatbank.com.tr>
Subject: DEKONT
Attachment: e-dekont 1.rar (contains "gogogogo.exe")

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/83227/
Detection(s):
SecuriteInfo.com.Trojan.PWS.Stealer.29553.12971.8554.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/521349
Signature
Contains functionality to detect sleep reduction / modifications
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/80635f4e76ece60d333c982dd507169501b59500eb3db074f758b5dd9533a88e/
Threat name:
Win32.Trojan.LokiBot
Create hunting rule
Status:
Malicious
First seen:
2020-11-05 10:17:12 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qbrv6ttw5tta2mz4taw5kbywsua3lfia5m63a5hxlc253fjtvcha._file
Verdict:
unknown
Similar samples:
05c5ebfe7acb748d41d40eb6dad1c142635f5fe97958f6933fead63d723b0728
3e0a37f088d0afcb0d3528f6df73368d754f51c07acff855e1c991071cebd298
4748d8754858143f280c1022b3c01ddc0a81e9fdf04babe1e711ef09d73124b6
5026074cb8589625cc6579285ec7ec862f7f6c9616e3a1f5d61329520177cfb8
586a5c6bcf95f6049dc38661cff95eb5000a05ddad7ed07236bfdabee7ffd30f
90bfb4c6e4d0e4cfbc46e3f641045e47b917a6a5b6ade0e8314ce0ca1d7d6f67
9f1bd2c46d3293044a04b58c4f9fdbe301cf6d2d5432c808b7e7310fe4544011
bdb09b8c5d9d6ee0e42047449dec605b61edc1f71ee6247b84f3c9a03669cffd
cddbbf914db713826ba190f20ccfd85b427666227210faaf435d6748fa601d14
e1ec1bb7aa6dec1ced8de00080d6c7b26890b89af96e05fb81f806bef1464be6
+ 36 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201105-638nh8cbfe/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
80635f4e76ece60d333c982dd507169501b59500eb3db074f758b5dd9533a88e
MD5 hash:
17c560801c2613efad3beee7e7fc7c1f
SHA1 hash:
c62ada5d2073c48cae03dea2e97d097152491cf3
Link:
https://www.unpac.me/results/0fa23759-94e5-4648-8912-9514546e29c4/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar bb87a82a7e72d67fe9650bf45b0989ba75da7837abc36ec9bbaeabe73b89fcd6

Executable exe 80635f4e76ece60d333c982dd507169501b59500eb3db074f758b5dd9533a88e

(this sample)

  
Dropped by
MD5 507a92ca0aeba2922e2cd3c75bc0686a
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/83227/
  
Dropped by
SHA256 bb87a82a7e72d67fe9650bf45b0989ba75da7837abc36ec9bbaeabe73b89fcd6

Comments