MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c41074da2e38da01c61a00a6fb9a9983d5e6091547b4f7a5f74b3797a5a59fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8c41074da2e38da01c61a00a6fb9a9983d5e6091547b4f7a5f74b3797a5a59fe
SHA3-384 hash: 30b0ca56f74653967b1900c6fda70ec63bb16cbc4683ce8d41e8e1f3dd24cb211ac1ff32dad6066f502ad8a67d1d70b9
SHA1 hash: 5e61ae8a649f435e188886d978d069efbd9d74e3
MD5 hash: 26cdd6d6e16e38f44abcf45d37017b04
humanhash: venus-december-mexico-iowa
File name:a0182bb2ace419e5d6aa78e64410fa1c
Download: download sample
File size:2'011'136 bytes
First seen:2020-11-17 11:54:00 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 6ed4f5f04d62b18d96b26d6db7c18840 (267 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep 49152:GBO/VMF75Cp0zCTKGNvUVXvDk0hoFA2jEptGNvUVXvD:WO/SFopYCTVUVXvDk0h8ZjUVXvD
Threatray 23 similar samples on MalwareBazaar
TLSH 9495236BB798C50FD94482FC748A828E30827DC421EB37B6A62EEE5757C5D716DE40C8
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Replacing executable files
Launching a process
Running batch commands
Creating a file
Deleting a recently created file
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Moving of the original file
Deleting of the original file
Enabling autorun by creating a file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8c41074da2e38da01c61a00a6fb9a9983d5e6091547b4f7a5f74b3797a5a59fe/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-17 11:57:03 UTC
AV detection:
31 of 48 (64.58%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
06e145e0068c9631d558c1f1c04b51fe8c6a36052a6a051986642eb0dec85232
3e49774e78ed8b43c44689d65abf3c16a96c7a00523daacb5c546af823ec9b12
6153eb4861731cb8b710414247b40ca5851a31c6a79b44d488d02d59b4abc5ff
6e176a6a67a3db2b56398f4d940c956270a1d145a3b126fa37cc164530a6f5ab
75da456980b6c16a80a05269d6fee93bc18a242ebe0c7f9f014bad8828b09291
8d5fcc37dd8243986f9bb28dccd74960163c965f87f23fc4e0360f17188cc332
9ea59a3284eb0dfd4af9a58e5e5be9abf46cd42e911650f587c7d6d67d29691f
ae00e3b5b5b3fe0b6ecf5c4ccbd461eee232654c45134a66d8e4a3b7cdcdf55a
bbdd92fe560df908080324d2c514af5c674f1aa2b8c4b65d5a37a5cd6ccbbba2
ee379be40d5c1621d1e0ccf136de363f950cbc92e5ee7f2b05c447cf8f6f2398
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/201117-9eyhrwpgzn/
Behaviour
Creates scheduled task(s)
Modifies system certificate store
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Legitimate hosting services abused for malware hosting/C2
Deletes itself
Loads dropped DLL
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
8c41074da2e38da01c61a00a6fb9a9983d5e6091547b4f7a5f74b3797a5a59fe
MD5 hash:
26cdd6d6e16e38f44abcf45d37017b04
SHA1 hash:
5e61ae8a649f435e188886d978d069efbd9d74e3
Link:
https://www.unpac.me/results/e8e72d30-65dc-46a4-b343-cac0bc86e226/
SH256 hash:
8832fc09f3777244d352e55ead72e5d6c92281dc800165c3640f75b7d083f02b
MD5 hash:
06659420b26ca1eeae75de7e587bdffa
SHA1 hash:
59226464cb2c0a76084701f4ff0eef787ae51113
Link:
https://www.unpac.me/results/e8e72d30-65dc-46a4-b343-cac0bc86e226/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:APT_NK_Methodology_Artificial_UserAgent_IE_Win7
Create hunting rule
Author:Steve Miller aka @stvemillertime
Description:Detects hard-coded User-Agent string that has been present in several APT37 malware families.
Rule name:suspicious_packer_section
Create hunting rule
Author:@j0sm1
Description:The packer/protector section names/keywords
Reference:http://www.hexacorn.com/blog/2012/10/14/random-stats-from-1-2m-samples-pe-section-names/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments