MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e547adb4f5efdb9519e101e98c54321ef565a0382940c4dd3c5f70ded3581af9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ganelp


Vendor detections: 5



SHA256 hash: e547adb4f5efdb9519e101e98c54321ef565a0382940c4dd3c5f70ded3581af9
SHA3-384 hash: c6200e5f228211cb91b82ac2114448d98d3c7dfa4df6a70b62147dfb9ed990738ef1a8e09d2b0cdbe474f2ed24a85aba
SHA1 hash: e0ba39795b3135a86b3778d5c708be1352443456
MD5 hash: fc89754b595414cb832a64c659901d09
humanhash: violet-two-leopard-orange
File name: fc89754b_by_Libranalysis
Signature: Ganelp
File size: 598'016 bytes
First seen: 2021-05-05 11:04:59 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9e7191a0672d08b69dede91143488346 (6 x Ganelp)
ssdeep: 3072:A2jkb/mOEpDhPDbFZdP3qsK0Z8QlVr63Kt4uNA8ktw/BJBItb3:AgkbhEh9DbFZdCsKg8SVAKtVSVeB/y
Threatray: 5'476 similar samples on MalwareBazaar
TLSH: 93D47F51A9617701D9C34030C7A0E2AA143C3DEF16A4961DBB8CFA4B37739EB719E94E
Reporter: Libranalysis


Libranalysis
Uploaded as part of the sample sharing project

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file
Enabling the 'hidden' option for recently created files
Creating a process from a recently created file
Creating a process with a hidden window
Creating a file in the Windows subdirectories
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Creating a file in the mass storage device
Enabling threat expansion on mass storage devices by creating the autorun.inf autorun file
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Worm.Ganelp
Status: Malicious
First seen: 2020-05-03 08:21:52 UTC
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Adds Run key to start application
Loads dropped DLL
Executes dropped EXE
Unpacked files
SHA256 hash:
2ad036c3a74ab8765674b67e46b92f2980726be2cc265470d5909141720077a0
MD5 hash:
e0815a0c00ab8b2a3f4e0fcc9e274596
SHA1 hash:
4d67de39ec6c72c7fa9b36c550bce5eb063290ea
SHA256 hash:
e547adb4f5efdb9519e101e98c54321ef565a0382940c4dd3c5f70ded3581af9
MD5 hash:
fc89754b595414cb832a64c659901d09
SHA1 hash:
e0ba39795b3135a86b3778d5c708be1352443456
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
