MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e702b64f3835bf5086d5242482fa422d0821c4502a075be429572bf79972b01d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ganelp

Vendor detections: 4



SHA256 hash: e702b64f3835bf5086d5242482fa422d0821c4502a075be429572bf79972b01d
SHA3-384 hash: f30c056362243d34433c054cc4c6f71bd87e516eab1ee56a176ded958fdfa95d408d66f5ae1ec39af0e140c84595bd0e
SHA1 hash: 49856f2dc2b8a0fdb8f3143cdbe6c2dc3be4601e
MD5 hash: 2a800ae363f20b426ac7c8574098484a
humanhash: zebra-fillet-dakota-two
File name: e702b64f3835bf5086d5242482fa422d0821c4502a075be429572bf79972b01d
Signature: Ganelp
File size: 70'967 bytes
First seen: 2020-11-07 22:28:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: cdf5bbb8693f29ef22aef04d2a161dd7 (69 x Ganelp, 2 x Blackmoon, 1 x Worm.Duptwux)
ssdeep: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxeALxNDo2X8gu37kVyC:ymb3NkkiQ3mdBEFo88t3LC
Threatray: 2 similar samples on MalwareBazaar
TLSH: 8A63F1FA8B7816F9C9E9E63003774448306A5076DD5419E990F607851F3EE95FB80C7E
Reporter: seifreed

Intelligence

File Origin
# of uploads: 1
# of downloads: 122
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour: Launching the default Windows debugger (dwwin.exe)
Threat name: Win32.Worm.Ganelp
Status: Malicious
First seen: 2020-11-07 22:38:44 UTC
AV detection: 26 of 29 (89.66%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Program crash
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments