MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bd190203a73b19bda71958ad24f3b7cfc2867e5ac6c607444c6e406fb3ab476. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Intelligence 5 File information Yara Comments

SHA256 hash: 9bd190203a73b19bda71958ad24f3b7cfc2867e5ac6c607444c6e406fb3ab476
SHA3-384 hash: 3ff10aeed99c5fda838ec773636964b00bd5f46ca154189a5dc1914f594412ecd98c77daa30dd37f293470879e268474
SHA1 hash: 7d5f8df774d0c28f0165c30369037e2a3584aab6
MD5 hash: 605fd6ecbb77d69c381f18a865002edb
humanhash: network-jupiter-mango-india
File name:SecuriteInfo.com.Win32.HLLW.Autoruner1.38636.30902.31421
Download: download sample
Signature n/a
File size:115'712 bytes
First seen:2020-08-01 19:36:19 UTC
Last seen:2020-08-02 07:32:40 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash b203abe521a79b16141cb75f2931885b
ssdeep 1536:vUhqKNndVngozSpOGmizj1ByWNhj7yJTZvnQs+/hQQuZuEKT2J4cW:vUhqoVgomFdj7yJTZL+/EZuF5cW
TLSH A4B36B2572CC8C32E05621389DE18B7E5E7E3871077F11AB5BE10DBE0A14AD5E724B9B
Reporter @SecuriteInfoCom

Intelligence


File Origin
# of uploads :
2
# of downloads :
39
Origin country :
US US
Mail intelligence
No data
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
52 / 100
Signature
Found potential dummy code loops (likely to delay analysis)
Potential time zone aware malware
Tries to detect virtualization through RDTSC time measurements
Behaviour
Behavior Graph:
Threat name:
Win32.Trojan.Lethic
Status:
Malicious
First seen:
2013-11-14 23:18:00 UTC
AV detection:
25 of 31 (80.65%)
Threat level
  5/5
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Adds Run key to start application
Drops desktop.ini file(s)
Modifies WinLogon
Modifies WinLogon
Adds Run key to start application
Drops desktop.ini file(s)
Modifies WinLogon for persistence
Modifies WinLogon for persistence

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments