MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8
SHA3-384 hash: 5dbcfa5971b398dfee95dd887ae7c976c3b391d061bdc96fde9d36c073cff33b215d14da3cdee0e372647d02b98d84a2
SHA1 hash: c7eccd3b344ad8de0cc2cf913527a01b114b405a
MD5 hash: dee821bc91081a610e7e47a22522f1d9
humanhash: quebec-connecticut-undress-mike
File name:Clvse.exe
Download: download sample
File size:1'441'792 bytes
First seen:2021-02-11 09:43:27 UTC
Last seen:2021-02-11 11:58:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c6909060410640d41338f12e06188991
ssdeep 24576:Dkcta6GR4Uxx85svVrSSuGC/Mr9JT3WxNPGT:IIvHOvVrS3D/WrTSdE
Threatray 22 similar samples on MalwareBazaar
TLSH 73659D592BAB42A2DB5537B8C8B6969449190F531F28C0B55E300D1EBD2734EFC23EBD
Reporter r3dbU7z
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
72
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Clvse.exe
Verdict:
Malicious activity
Analysis date:
2021-02-11 09:46:05 UTC
Tags:
installer trojan rat pcrat gh0st
Link:
https://app.any.run/tasks/7949c7fe-7a93-41d6-8f2a-b26c03e7d31f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116755/
Detection(s):
SecuriteInfo.com.DeepScan.Generic.Mulinex.596E9635.7119.18891.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Sending a custom TCP request
Sending a UDP request
Moving of the original file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Mimikatz
Create hunting rule
Detection:
malicious
Classification:
troj.spyw.evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/605598
Signature
Antivirus / Scanner detection for submitted sample
Contains functionality to automate explorer (e.g. start an application)
Contains functionality to capture and log keystrokes
Contains functionality to detect sleep reduction / modifications
Contains functionality to infect the boot sector
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Mimikatz
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8/
Threat name:
Win32.Backdoor.Zegost
Create hunting rule
Status:
Malicious
First seen:
2020-05-16 20:22:08 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
suspicious
Similar samples:
02965941d39eef787b6d2483095f7c5c6eec84a2a97ce4e85eee9e0e610506e2
0367ec4f514399dfae2b74ed8b9303f1f47e527d5bc7bd7cb900710937add0a4
248c72c5eb7823243a820b9935e49534d8a94b91a6528afd8db98c9e8f56fbc0
43919cb86c587b0587b051f513b236247e4fd95cba88a8198e30c4603082cad8
88dd1107f603d79826ee256071e42d21dd152cba6f9fb4dea93e8e846a74aa47
a4053c9427fa00b62f65abf8ad7760e39df7f7ea0c72ed89375e2076f7cb79a3
a578e71d04eae80004ab431497c95fb9779a95dc7f0c60996c24c1cb7139745d
a66d1021e54269963e9a54892869d569ffa1c74d9fb1b67f023ea5fdfd90c1a6
c96fb748304f35220cae69a622318ee3e425802dea7387549af4add7ba449b7e
d19b02a35003c637360cc342d5fcdae87dc7336fc7925f07f5c0636eae22ba37
+ 12 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/210211-qam6dn2p5n/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of SetWindowsHookEx
Enumerates connected drives
Unpacked files
SH256 hash:
4778af3ceac31024ccb9ba21b7ad64162bf86cdd31c1d574b2de837f7a5b9a38
MD5 hash:
b5d42a1703c0b12e7491da7ea66281aa
SHA1 hash:
07e6a90cfb6ce5865220594536fee4911df79919
Link:
https://www.unpac.me/results/4a76964c-ed7c-431d-a759-ae96a746d76f/
SH256 hash:
eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8
MD5 hash:
dee821bc91081a610e7e47a22522f1d9
SHA1 hash:
c7eccd3b344ad8de0cc2cf913527a01b114b405a
Link:
https://www.unpac.me/results/4a76964c-ed7c-431d-a759-ae96a746d76f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/eb6478f051ae5b16921ed95f6a2f761512c79787ac2b54f0d00742ad526c34b8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/116755/

Comments