MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b2e2511d5ebbee5a597370b10bd62699406e8e0da0d45a5acf193a6a7ad5e3d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 8b2e2511d5ebbee5a597370b10bd62699406e8e0da0d45a5acf193a6a7ad5e3d
SHA3-384 hash: f09537789c77c001811a1003e76e516b9bcb10fa2537307201dab0ba59834ffe1c701126d91f81944bd383d962b7cdc9
SHA1 hash: 63c871a0a99e2e8e14fc6eeb9ce5795ae484a14a
MD5 hash: a767c5fe5b22c8235e4bb57f9c40328b
humanhash: white-oscar-pasta-alabama
File name: a767c5fe5b22c8235e4bb57f9c40328b
File size: 385'026 bytes
First seen: 2020-11-17 14:26:46 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b71ae52e8715ee7bfaa0c9df227db54a
ssdeep: 6144:Aq8FcVRxQpXzWCWoPzeXq0W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:HQpXnzeA0npM4dl0v5JF
Threatray: 82 similar samples on MalwareBazaar
TLSH: 2384AE85B2DCDC15C93D777B2D2DF215ABB24ED69826A00EE57883978A92CF305CB1D0
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-08 16:38:36 UTC
AV detection: 27 of 29 (93.10%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments