MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b01719e59675236df1a0e1a78cdd97455c0cf18426c7ec0f52df1f3a78209f65. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

YoungLotus

Vendor detections: 7

SHA256 hash: b01719e59675236df1a0e1a78cdd97455c0cf18426c7ec0f52df1f3a78209f65
SHA3-384 hash: 25a86be07a00a3cba1eb026c12315c397caab6950a6ddeb767091740d8e04489a6fffe2239d45cc786ef4887ea1b9596
SHA1 hash: 9214afaf9966aa452385f8b454990b3b23ed110b
MD5 hash: bb56f20a2a0dec07dcde2cd7abf75eaf
humanhash: winner-mountain-coffee-artist
File name: 中专女生实习期间被强奸视频.com
Signature: YoungLotus
File size: 719'703 bytes
First seen: 2021-05-08 12:52:16 UTC
Last seen: 2021-05-09 06:45:18 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 219e16fcc9bee3c339e320279e3ea7b8 (2 x YoungLotus)
ssdeep: 12288:MPP4xa0NIIwpaBLOyEJN8E555pb9drYxtpKw:Rxa0dwpafEJN8Ez5pDrYtcw
Threatray: 1 similar samples on MalwareBazaar
TLSH: AFE4AF123283C03ED57711728AAB826D7276FE100B2996D363C47B6E5E785F27F36126
Reporter: LittleRedBean2
Tags: exe Telegram younglotus

Intelligence

File Origin
# of uploads: 2
# of downloads: 142
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: bank.spyw.evad
Score: 100 / 100
Signature
Checks if browser processes are running
Contains functionality to access PhysicalDrive, possible boot sector overwrite
Contains functionality to automate explorer (e.g. start an application)
Contains functionality to capture and log keystrokes
Contains functionality to detect virtual machines (IN, VMware)
Contains functionality to determine the online IP of the system
Contains functionality to infect the boot sector
Contains functionality to inject threads in other processes
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to delay execution (extensive OutputDebugStringW loop)
Behaviour
Threat name: Win32.Trojan.Antavmu
Status: Malicious
First seen: 2021-05-08 12:53:07 UTC
File Type: PE (Exe)
Extracted files: 54
AV detection: 18 of 47 (38.30%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a

Unpacked files
SHA256 hash: 95eb869c9556716df5db4ec3d58c9ef068b74bb166b6caef26621d2cdd992f37
MD5 hash: f60082d7a771d76c01aa0933296aebc7
SHA1 hash: 40f6222a47bfcb2be6745a5aa9e5839d51ededbf
Detections: win_younglotus_g0

SHA256 hash: b01719e59675236df1a0e1a78cdd97455c0cf18426c7ec0f52df1f3a78209f65
MD5 hash: bb56f20a2a0dec07dcde2cd7abf75eaf
SHA1 hash: 9214afaf9966aa452385f8b454990b3b23ed110b

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments



a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-08 13:02:07 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0012.001] Anti-Static Analysis::Argument Obfuscation
2) [F0002.002] Collection::Polling
3) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
4) [C0021.004] Cryptography Micro-objective::RC4 PRGA::Generate Pseudo-random Sequence
5) [C0060] Data Micro-objective::Compression Library
6) [C0026.002] Data Micro-objective::XOR::Encode Data
8) [C0046] File System Micro-objective::Create Directory
9) [C0047] File System Micro-objective::Delete File
10) [C0049] File System Micro-objective::Get File Attributes
11) [C0051] File System Micro-objective::Read File
12) [C0052] File System Micro-objective::Writes File
13) [C0007] Memory Micro-objective::Allocate Memory
14) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
15) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
16) [C0036.002] Operating System Micro-objective::Delete Registry Key::Registry
17) [C0036.007] Operating System Micro-objective::Delete Registry Value::Registry
18) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
19) [C0036.005] Operating System Micro-objective::Query Registry Key::Registry
20) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
21) [C0036.001] Operating System Micro-objective::Set Registry Key::Registry
22) [C0040] Process Micro-objective::Allocate Thread Local Storage
23) [C0042] Process Micro-objective::Create Mutex
24) [C0038] Process Micro-objective::Create Thread
25) [C0041] Process Micro-objective::Set Thread Local Storage Value
26) [C0018] Process Micro-objective::Terminate Process