MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d466ce4dadf517fb21e90887e3d176f36127087710053cb0be5033d0e4c6c413. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d466ce4dadf517fb21e90887e3d176f36127087710053cb0be5033d0e4c6c413
SHA3-384 hash: 4ad46f4dae2174e4523226e190c35aa1386b18fbf2628ed945aeb249eca2e9436e0f3252cb92d2cbe7d3fda6da3c0ad2
SHA1 hash: 51674c579eb8248e45f5b53fc7de9fd79098011b
MD5 hash: 0317b3d06d95b9f63203ba5069fda224
humanhash: maryland-virginia-nuts-wisconsin
File name:0317b3d06d95b9f63203ba5069fda224.exe
Download: download sample
File size:931'328 bytes
First seen:2020-12-03 07:50:43 UTC
Last seen:2020-12-03 10:26:41 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ffdc1fe4ef6719586c2d06a3f83178ec
ssdeep 12288:4MX56RRLIWi+4H0pKsKapJRU+jLt10Z51WR6/9P057o28zyOi6:5CQxsRpzUkC/9PcoXzni
Threatray 7 similar samples on MalwareBazaar
TLSH 2515AE3CE7069817F2AC2BB062E36B1535329CD47261011A96B35FDE3E967B87E07784
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
110
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/106522/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.35516004.3787.25847.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/554363
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 326277 Sample: 7F84AfnNvA.exe Startdate: 03/12/2020 Architecture: WINDOWS Score: 84 33 Antivirus detection for URL or domain 2->33 35 Multi AV Scanner detection for submitted file 2->35 37 Machine Learning detection for sample 2->37 39 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 2->39 7 7F84AfnNvA.exe 15 2->7         started        process3 dnsIp4 31 4cnx9s25gsvw.top 7->31 41 Detected unpacking (changes PE section rights) 7->41 43 Detected unpacking (overwrites its own PE header) 7->43 45 Contains functionality to detect sleep reduction / modifications 7->45 11 cmd.exe 1 7->11         started        13 cmd.exe 1 7->13         started        15 cmd.exe 1 7->15         started        signatures5 process6 process7 17 conhost.exe 11->17         started        19 reg.exe 1 1 11->19         started        21 timeout.exe 1 11->21         started        23 conhost.exe 13->23         started        25 reg.exe 1 1 13->25         started        27 conhost.exe 15->27         started        29 timeout.exe 1 15->29         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d466ce4dadf517fb21e90887e3d176f36127087710053cb0be5033d0e4c6c413/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Suspicious
First seen:
2020-12-03 02:21:16 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
19f34111fba4de0d33bad011e55d6537747da3407ed2a8d16d0a14915e37298f
26b14ab4558ae165a9df3a2bc4ba6704fff3bdb4ca79a7d61c3f5b2d3be8091f
3145a8bb719097b4a48ce792e7fa87a0ae8035526021b41595569c9307b7040b
3461afe65091162758a5b7674b8ed0dfa30aab0872208172254abbeb1865c421
854d167ff218c5caa012baaa7bb80a2bfdd1ec9c4c6b3a66bef57240ade29422
8c68f921d6184b60b0677a50f79bb0131b837e04589ffb72ab50b2517001e793
f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201203-cq54ke14te/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: RenamesItself
Program crash
Unpacked files
SH256 hash:
d466ce4dadf517fb21e90887e3d176f36127087710053cb0be5033d0e4c6c413
MD5 hash:
0317b3d06d95b9f63203ba5069fda224
SHA1 hash:
51674c579eb8248e45f5b53fc7de9fd79098011b
Link:
https://www.unpac.me/results/78d2823c-609e-4839-a1bb-a8c726bb9257/
SH256 hash:
59c92d833cc87db3d81c870977bce1a50f3408c98c574b8e0b3a241fd55a7c28
MD5 hash:
f339fd4aa72de137efb35668768a2b89
SHA1 hash:
9686d7cbb04bbfb5ad672b5b4e4b788ab5d29db8
Link:
https://www.unpac.me/results/78d2823c-609e-4839-a1bb-a8c726bb9257/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/d466ce4dadf517fb21e90887e3d176f36127087710053cb0be5033d0e4c6c413

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe d466ce4dadf517fb21e90887e3d176f36127087710053cb0be5033d0e4c6c413

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/852807/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/106522/

Comments