MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82d6a5af89fc2c37abd8a1639195c197c83e5d883b448909ee9bdf1db25a269a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 82d6a5af89fc2c37abd8a1639195c197c83e5d883b448909ee9bdf1db25a269a
SHA3-384 hash: 1f5952fad9217949ca28b20ab82bfc39ea737173d52b3ca29b752673fb2e43cf6e3bdb7e4e4abd2fd16babe090512b7f
SHA1 hash: d54154d82918b808d824f5600cd884c2afc919a3
MD5 hash: 36e9cd1fa2d32a8db22c03cb91a1ff7f
humanhash: december-twenty-tennis-twenty
File name: a8110e5c538e681ae4079ac4dbb9fcf3
File size: 227'328 bytes
First seen: 2020-11-17 15:37:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 60a858e732cc623a1fd10517fae46918 (1 x DanaBot)
ssdeep 6144:dVZagtjWOfEtQL5n0vqtw+JsGnMvXosre:dfaqMQL0rGmFre
TLSH D02402123EF0D972C68B523F4825DB446BBB18202EB5D5CBBB952A9D2F623D1C931385
Reporter seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 60
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour
Launching the default Windows debugger (dwwin.exe)
DNS request
Running batch commands
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
Searching for the window
Launching a tool to kill processes
Sending an HTTP GET request to an infection source
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 15:44:52 UTC
AV detection: 26 of 28 (92.86%)
Threat level: 5/5
Unpacked files
SHA256 hash:
82d6a5af89fc2c37abd8a1639195c197c83e5d883b448909ee9bdf1db25a269a
MD5 hash:
36e9cd1fa2d32a8db22c03cb91a1ff7f
SHA1 hash:
d54154d82918b808d824f5600cd884c2afc919a3
SHA256 hash:
e3e41d775d905633b4182c4a6d7911d4db6ed92127654f04669e52315c8ef628
MD5 hash:
cd558ecffc3ac656e92d8a43c41421e2
SHA1 hash:
1488a1bb16c58291f65886f9be71a80c328e56c9
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
