MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b
SHA3-384 hash: 9dc34126828d40bc6778dc3acfa247c50246bac30b08766b0305c55e3dd25732daad3125945ebdb3013016fb5242efa3
SHA1 hash: 31605af6cebd1c2c727556cc752250ec4031f644
MD5 hash: 2648b628b9c8fbd92ec6ed0a1f070bd6
humanhash: item-quiet-washington-winner
File name:SecuriteInfo.com.Trojan.MulDrop16.20125.31593.11760
Download: download sample
File size:198'656 bytes
First seen:2021-03-12 18:35:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 1232b3783645f8891e4e49e6d0b8d4c7
ssdeep 3072:lrko0okL8idCGjMoqROu2kx5aWmUb+YlFvCkTFq5vhj9:JRkL8id5YoQ59dQJ9
Threatray 63 similar samples on MalwareBazaar
TLSH F414CE10B5D0C0B3F927157148F9CFB609BABC994B2466CB7BC43B6A5E362D28636742
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
125
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Setup.exe
Verdict:
Malicious activity
Analysis date:
2021-03-12 12:53:41 UTC
Tags:
autoit stealer trojan loader evasion opendir danabot
Link:
https://app.any.run/tasks/30610470-46ff-48cb-b01a-03ff4fd3d462

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/123987/
Detection(s):
SecuriteInfo.com.Trojan.MulDrop16.20125.31593.11760.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a window
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/638179
Signature
Delayed program exit found
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2021-03-12 06:43:40 UTC
AV detection:
18 of 27 (66.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
28ddbac06dfbd1d0e8240b60dd28693b2e8ce8ddd1f0cac4bcf9f3d51f2a0ac7
6bfb41ac8df840797e06a7da047dd349e7c4dbf75804f4ef2f3a9eb06daa2e38
8cec146d7a7b594cf7748b35c63ea1fed2c994ef2cdbb5731f1b15d9c9fa1ee3
a06a77bd973a602f49aff3fa3a116c62d38f0e0c1842e9dca97531a68d1a3884
a356d92ade4d8d537ea6dfabe765d4cd2ff851faae1d4551b91e50b47aac216f
c84d98524bf72eac034a406063c9d25b3bceb254d3d03f1d68e018320c2fb506
c8a30abef2939b6c3b6193feffbaf8ba4a87c79fc32e71b10b94bbdb8e1e238f
f5acccf9cda0f0ff2063de3983bc8964b9020d30feff2e3a8b20800d3c4fe034
f9fa7707c2b699b79b0fe5948d0de10e4242220c0fd7c76062cf46fcb53f44ae
fc2a8472021c1f37e7ba14fd51259d37d10bd030ecd33134ebf42d3279ab860a
+ 53 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210312-lwnq9jxgq6/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops startup file
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
a56d515897f4d9d336602a1809949629f0e79e1fa0d55154b3b1121fb6138085
MD5 hash:
b3d3f51c4249eeaa7d5245ea4f8c7460
SHA1 hash:
2a3627e3aeeab195eec76c2a65394d178c954f9f
Link:
https://www.unpac.me/results/10e7bd0a-6b1e-4245-8363-a56b8c9ce21a/
SH256 hash:
9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b
MD5 hash:
2648b628b9c8fbd92ec6ed0a1f070bd6
SHA1 hash:
31605af6cebd1c2c727556cc752250ec4031f644
Link:
https://www.unpac.me/results/10e7bd0a-6b1e-4245-8363-a56b8c9ce21a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9f91980eb1a3a4464aa42d10c1c9b6dae51381ce2d5b2816f378ca0c4007d72b

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1063334/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/123987/

Comments