MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e82e20cca7c1b1412dc50282699389562189c2e7babf3ecd20e660c512fad15f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Lucifer


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e82e20cca7c1b1412dc50282699389562189c2e7babf3ecd20e660c512fad15f
SHA3-384 hash: 62819aa274307921c23e50c33b24c87da2db63b3216581989964c23f2af60a811c3e9fd00df86229b245668e12ede204
SHA1 hash: 0ad75bc0d0f8ee8d3be68c78a7a4a2da77e25060
MD5 hash: a550ab2eb388cda83468522da73c42d7
humanhash: romeo-fourteen-lithium-angel
File name:a550ab2eb388cda83468522da73c42d7
Download: download sample
Signature Lucifer
Create hunting rule
File size:117'760 bytes
First seen:2021-08-05 08:28:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 3072:I6Uffp/dnX+0K3vLMCFAYg9qSRH4pIcqbyB9PCfsJx1:cA3vLfmqZpLqbyraU
Threatray 23 similar samples on MalwareBazaar
TLSH T112B328E637E48963CB4E573484D327487B36C01BB702A74786A9197E0D473FA6D4E887
Reporter zbetcheckin
Tags:32 exe Lucifer

Intelligence

File Origin
# of uploads :
1
# of downloads :
145
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
a550ab2eb388cda83468522da73c42d7
Verdict:
Malicious activity
Analysis date:
2021-08-05 08:29:29 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/437cf180-d9d7-4e10-a3c7-6570cb8cdfb0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/176576/
Detection(s):
SecuriteInfo.com.Variant.Adware.BrowseFox.62.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Sending a UDP request
Creating a file in the %temp% directory
Enabling the 'hidden' option for files in the %temp% directory
Creating a process from a recently created file
Launching a process
Creating a process with a hidden window
Using the Windows Management Instrumentation requests
DNS request
Connection attempt
Sending an HTTP GET request
Creating a window
Unauthorized injection to a recently created process
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/12740115-9d11-46d3-9994-021e27a954d3
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/827800
Signature
.NET source code references suspicious native API functions
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e82e20cca7c1b1412dc50282699389562189c2e7babf3ecd20e660c512fad15f/
Threat name:
ByteCode-MSIL.Backdoor.Bladabhindi
Create hunting rule
Status:
Malicious
First seen:
2021-08-05 00:42:32 UTC
AV detection:
13 of 27 (48.15%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5axcbtfhygyuclofakbgte4jkyqytqxhxk7t5tja4zqmkex22fpq._file
Verdict:
malicious
Similar samples:
01d1156922abdd8f08ab3303db31bcf58bf2bfbaf73ebc7e527a20336d2dfa0b
Lucifer
3693eed2544db668ffb7a2bdb3a3e3da63893e58c0c13602a38f1298d888947b
Lucifer
5b06e33f55673d384a5888c40473ac8dc93b1642ba870c9fa6b0797a9d319ad6
Lucifer
94dd05296d8d74177b29554f601fb651b0f9e3a9816a31eb9a688b407462f945
Lucifer
98eade342865b6c1f27721b690496e36a5d4558648cb0db626e18375b2ea78cb
Lucifer
d2d5f495be99faf5dcc31f16b20d08b31802215621595e3ffe3a56a2f69c5817
Lucifer
d722364ff131bb72ccd955508da5f0c5f30ec43cb837e6bd86b956d6ff253c31
Lucifer
ea342f618a8caa17bae45cd0a55cd404451dd0e589886ae00eb5fc9ff59e79cc
Lucifer
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence suricata
Link:
https://tria.ge/reports/210805-prsa2csr7a/
Behaviour
Creates scheduled task(s)
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Adds Run key to start application
Executes dropped EXE
suricata: ET MALWARE Generic gate[.].php GET with minimal headers
Unpacked files
SH256 hash:
e82e20cca7c1b1412dc50282699389562189c2e7babf3ecd20e660c512fad15f
MD5 hash:
a550ab2eb388cda83468522da73c42d7
SHA1 hash:
0ad75bc0d0f8ee8d3be68c78a7a4a2da77e25060
Link:
https://www.unpac.me/results/f3df8ce8-e4ad-46e0-8041-41b11e22e09a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e82e20cca7c1b1412dc50282699389562189c2e7babf3ecd20e660c512fad15f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:pe_imphash
Create hunting rule
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Lucifer

Executable exe e82e20cca7c1b1412dc50282699389562189c2e7babf3ecd20e660c512fad15f

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1507312/
Cape
Cape
https://www.capesandbox.com/analysis/176576/

Comments


Avatar
zbet commented on 2021-08-05 08:28:17 UTC

url : hxxp://a0566822.xsph.ru/1233.exe