MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SHA256 hash: e43ee2ab62f9dbeb6c3c43c91778308b450f5192c0abb0242bfddb8a65ab883a
SHA3-384 hash: 3ffad9f00a4603b4460ca6cdd2c8d84987f843635ffaade9ac90af8c6d740124a712e7bfd8edcbaa42a9d9a7209c599e
SHA1 hash: 181fe69fa5f931251771814d2afc7bcd85c6468a
MD5 hash: a11b982bde341475e28d3a2fa96f982a
humanhash: east-autumn-lamp-xray
File name: flokibot_0.0.0.13.vir
Signature: n/a
File size: 245'248 bytes
First seen: 2020-07-19 16:35:32 UTC
Last seen: 2020-07-19 19:09:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: f0ab0ef181d4a53e5620ddf18b530350
ssdeep: 6144:4+fNYBdVkJNZ+lvP5Zo1GW+p0GUAieFOW/sWfaPB+LHr8fw:BfNm+PZ+lvPnRR0G1ieF5kWyB+j
TLSH: 8F34122ABD43DEB9D35E107261213238C63CA02128D44DABB35F57AC5196DE7F7DD01A
Reporter: @tildedennis
Tags: flokibot


Twitter (@tildedennis): flokibot version 0.0.0.13

Intelligence


File Origin
Number of uploads: 4
Number of downloads: 19
Origin country: US
Mail intelligence: No data
Vendor Threat Intelligence
Detection(s):
Result
Verdict: Malware
Maliciousness: n/a
Behaviour
Creating a window
Unauthorized injection to a recently created process
Connection attempt to an infection source
Result
Threat name: Unknown
Detection: malicious
Classification: phis.spyw.evad
Score: 100 / 100
Behaviour
Behavior Graph: Behavior Graph ID 247211, sample flokibot_0.0.0.13.vir, start date 20/07/2020, architecture WINDOWS, score 100 (graph rendering not reproduced).
Signatures shown in the graph: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Binary is likely a compiled AutoIt script file; Maps a DLL or memory area into another process; Antivirus, Multi AV Scanner and Machine Learning detection for dropped file; Contains functionality to capture and log keystrokes; Contains functionality to inject code into remote processes; Deletes itself after installation; Overwrites code with unconditional jumps - possibly setting hooks in foreign process; Disables Internet Explorer cookie cleaning (a user can no longer delete cookies); Overwrites code with function prologues; Modifies Internet Explorer zone settings.
Processes and artefacts shown in the graph: flokibot_0.0.0.13.exe and koryyt.exe started; C:\ProgramData\fige\koryyt.exe dropped by explorer.exe; sAayPtVDoSbzyctmXQUHHVjL.exe injected from explorer.exe; DNS/IP contacted: springlovee.at.
Threat name: Win32.Trojan.Zeus
Status: Malicious
First seen: 2016-11-09 07:08:51 UTC
AV detection: 29 of 31 (93.55%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: MapViewOfSection
Suspicious use of SetThreadContext
Suspicious use of SetThreadContext
Deletes itself
Loads dropped DLL
Drops startup file
Drops startup file
Deletes itself
Threat name: Unknown
Score: 1.00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments