MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Glupteba


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0
SHA3-384 hash: 275f495fe0506e74cadc8513696fdfe8845cf62317a53fb1c07bac34accd3365e73954bca5f5bdeeb4f0c1d260716792
SHA1 hash: 5332c42281c66aab713be44a6a6a04b2568dee96
MD5 hash: 9e89f8f305e2fe03e66166204382556c
humanhash: bakerloo-edward-india-beryllium
File name:9e89f8f305e2fe03e66166204382556c.exe
Download: download sample
Signature Glupteba
Create hunting rule
File size:3'959'296 bytes
First seen:2020-05-18 12:22:44 UTC
Last seen:2020-05-18 13:01:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d425172c98bef0f2f9760b7890568e7d (2 x RaccoonStealer, 2 x Glupteba)
ssdeep 98304:vhDE1TvBM4EzCck70my88+TU7FmSuhmJmi:+5BLIkNytUSuCb
Threatray 42 similar samples on MalwareBazaar
TLSH 71063334EAE0D3B7D1B7057885BDE6E16ABA3A750F70841B9B182E1F5F133C125532A8
Reporter abuse_ch
Tags:exe Glupteba

Intelligence

File Origin
# of uploads :
2
# of downloads :
1'236
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Siggen9.46969.17458.13777.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-18 09:03:05 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=q36old4t4qeh4jq4kk7pxods3wx6xajjacgvcu6jaccm2sskixia._file
Verdict:
malicious
Similar samples:
34c2eed8a266d3b5221bb51f0b5a59712b01d0b339a1db8f626688cb8fb81030
Glupteba
5e00e50d04130b470825d6c1bd58542d32a0a4f52c4d6e6ff01ea1cfad8fce3e
Glupteba
788eb685943b452608a07a44d75be4c5806f1374461596a6ad7cce5569fcf77e
Glupteba
8aec9a6d0849cb10d68adb2ac069a69cbd34b099d410ace5756563dcf52fd79a
Glupteba
9f0c58f568c713eb2a7fc4836806a3e70bcdb41d05bfc75a1f815c64d856afde
Glupteba
b61cf35c2b6ac8352598a823529fc2b72df2d0811d6266fdaa57404798f271e2
Glupteba
b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a
Glupteba
c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b
Glupteba
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
Glupteba
d5d368c9ba295ef4c36fe1e02452418d14f27512fe153c2f16f7384ca60b3db4
Glupteba
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery evasion persistence trojan upx
Link:
https://tria.ge/reports/201109-qh8nk3w4cx/
Behaviour
Creates scheduled task(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
GoLang User-Agent
Suspicious behavior: LoadsDriver
Drops file in Windows directory
Launches sc.exe
Modifies service
Adds Run key to start application
Checks installed software on the system
JavaScript code in executable
Loads dropped DLL
Windows security modification
Executes dropped EXE
Modifies Windows Firewall
Drops file in Drivers directory
UPX packed file
Modifies boot configuration data using bcdedit
Windows security bypass
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Glupteba

Executable exe 86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/364261/
  
Delivery method
Distributed via web download

Comments