MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3fc242f919ef27d4c58f6ca5054050513f63c00be0b8136cef28d1f04344d31. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c3fc242f919ef27d4c58f6ca5054050513f63c00be0b8136cef28d1f04344d31
SHA3-384 hash: 262317aba52747592fc6732289dee93e23e3d63490a9952441d79c92d59ddf5e7466e26f20fa20cf2161a5e0d7040936
SHA1 hash: c6b0c94bb4914a24a3e6dcb2ab33c712d00d1c1c
MD5 hash: 0d7145d85c8fba7e18fbd632f05c125b
humanhash: purple-connecticut-tennessee-twelve
File name: a78e8a5f0263ddfe6e73c029f3b31a0c
File size: 385'026 bytes
First seen: 2020-11-17 15:10:04 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b71ae52e8715ee7bfaa0c9df227db54a
ssdeep: 6144:Oji+amwwNJ9d+/FInOqN90W7cyqCxSngmMBqfycuPbUl0i5cD5J6U:2iLmw2JSMD0npM4dl0v5JF
Threatray: 73 similar samples on MalwareBazaar
TLSH: 6E84BEB6B69C6E18CC3E3037057E7200A9C97B167DA8A35EE558B74B49E2D37418F270
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 59
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
Creating a window
Moving of the original file
Deleting of the original file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.Glupteba
Status: Malicious
First seen: 2020-11-17 15:20:46 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: n/a
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Deletes itself
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method: Other

Comments