MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c5f00f0d7b0c6fb68d0db3cb30d79857f0f9d6b7e07437c472ae4b150fa88b5e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c5f00f0d7b0c6fb68d0db3cb30d79857f0f9d6b7e07437c472ae4b150fa88b5e
SHA3-384 hash: 75407b6dcc7c6f67465dd0fe90d2ca71b0a80d979cc7608ce220b1a6beb83138b208b42db8d8ec6914b9e77ecc95d999
SHA1 hash: d94ed348b4b66903aff30348f1d7976e74f8c94d
MD5 hash: 988de5d0ede7d510886aa850793a2879
humanhash: network-spaghetti-avocado-virginia
File name: 988de5d0ede7d510886aa850793a2879
File size: 445'952 bytes
First seen: 2020-11-25 18:02:29 UTC
Last seen: Never
File type: DLL dll
MIME type: application/x-dosexec
imphash: fb7792c06191cbe237b714610f4d98c5
ssdeep: 6144:5ua8V57vikjhS3Gjvv2yTgEeSSLep54paWTvdWKSfUI:saQhyGjvv2y8EGe+S5
Threatray: 1'332 similar samples on MalwareBazaar
TLSH: FD9429E3FC19BCCDC40516B279A6957C1157AB9A313CC9092AB3FB0A58F63D23426F49
Reporter: lazyactivist192
Tags: dll Qakbot qbot tr01

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Launching a process
Modifying an executable file
Creating a process with a hidden window
Creating a window
Unauthorized injection to a system process
Enabling autorun by creating a file
Result
Verdict: UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Trojan.PinkSbot
Status: Malicious
First seen: 2020-11-25 18:03:04 UTC
AV detection: 18 of 28 (64.29%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Program crash
Loads dropped DLL
Unpacked files
SHA256 hash: c5f00f0d7b0c6fb68d0db3cb30d79857f0f9d6b7e07437c472ae4b150fa88b5e
MD5 hash: 988de5d0ede7d510886aa850793a2879
SHA1 hash: d94ed348b4b66903aff30348f1d7976e74f8c94d

SHA256 hash: 63f4de6e4afba5bc0788a5acd3c1f2d4493930a1ed20a9118cf5fb26380719dd
MD5 hash: e5c71d07456a1ed208363cf1c4398474
SHA1 hash: 3bde6ddb576f8f80c6ae58c613600b41d8820a13
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments