MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86fe2e6e9e79698dceda960022520a304789ca3c395e5834aac148f8f9176035. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 86fe2e6e9e79698dceda960022520a304789ca3c395e5834aac148f8f9176035
SHA3-384 hash: e0179c2f3fcda0094312e454e835945d55c9a0a3defbe722f2afcf7346ce521c1aec5eb75176184c1b86ba94483eddef
SHA1 hash: 07d580fbbc493f18aa9058173bce0fdd967c7397
MD5 hash: dbc618e1446cfefe75326764443e1f5a
humanhash: eight-six-diet-hydrogen
File name: a192fe9e4e7b88cc20171aeb7fcdf087
File size: 192'513 bytes
First seen: 2020-11-17 11:25:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b71ae52e8715ee7bfaa0c9df227db54a
ssdeep: 3072:eXAniMSsVtMixz3zaqP7KrcH2d6uhlekKAm2LyLMa92Y07VyzkWeAwovZU:yAihsjv7Mu2nfekPm4a92L7VQkWeA/U
Threatray: 14 similar samples on MalwareBazaar
TLSH: 0D14AEC99F7F76C2FCE97676A6F25E23FCC02452392CB27B92DE8A9725514A094C1013
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 56
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Sending a UDP request
Moving of the original file
Deleting of the original file
Result
Verdict: 0
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 11:26:08 UTC
AV detection: 38 of 48 (79.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other
