MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f40314a4c56831c08fe64721eb42a7ce52a08b25d6722343e8365327be940483. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f40314a4c56831c08fe64721eb42a7ce52a08b25d6722343e8365327be940483
SHA3-384 hash: 69f5732ce2b0dd5ec77e46858a15749ec6703dd1acf3e0e2c667551eccd0fe616920776854821b2784bf242b17555d31
SHA1 hash: d11244279f9451a8c78c715c52d7a84d6d0e6f65
MD5 hash: 82e4d4708f411624b2178c2b78e61ce7
humanhash: bulldog-south-neptune-april
File name:f40314a4c56831c08fe64721eb42a7ce52a08b25d6722343e8365327be940483
Download: download sample
File size:487'639 bytes
First seen:2020-11-07 19:15:48 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash a6083e536d6342c425a7dad4bdc72272 (67 x Drolnux)
ssdeep 12288:isVBku20Q3FlEpuZTxtjPzs0nUB4eAEdjcqo:zKFlE4s0VAju
Threatray 33 similar samples on MalwareBazaar
TLSH C2A4AE9FF5409996EF3A0CB088614B3C60975960AFDF494B3A79F26D4A3B1F3462F046
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
51
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Malware.Packedent-6872289-0
Create hunting rule

Win.Worm.Drolnux-9786612-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
DNS request
Sending an HTTP GET request
Setting a keyboard event handler
Creating a file
Launching a process
Creating a process with a hidden window
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Sending an HTTP GET request to an infection source
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f40314a4c56831c08fe64721eb42a7ce52a08b25d6722343e8365327be940483/
Gathering data
Verdict:
malicious
Similar samples:
0dc943629e8ac7053963406edcda14ffd7a8835cb6dfb4b925f21f7dad68551c
3a32caec3609063b23a74919893f3aab134f339c7fa16ea4300355703c9c6443
3bc37efea6fe6a138a055cad0b0043443bca944a4f69c24cebc177bcb0cc3cf0
536db2930da96c059b10843fbb82ca8b53e3b10da458344d63c7fc5417a08fc4
689e78e744989b2fe56816e06b78aeab3f23d596228e77fe75b5cac9af166c8a
6d01b8b119b5a8ddd5592be94172f9c2a0aa096cbe9022fcd8c9f4e49f7b4215
7b7d8033c748ec5df4661bb07ba4829a6398763ba4d8d668c3fbc389ccbc454f
80251c02d6661dd5db4cb2d65e52ff66b9abd48d717106ff0df3ad75f343c7f8
aa6034f866e0345f7cea6a6e519785dcd7dac83d369031e30562b470f5c98ff8
dbb24dc7f99fee9111b302b3756d6dc937817ae76795946d05e156ec4b6806e9
+ 23 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
persistence spyware
Link:
https://tria.ge/reports/201108-xn3vqmzlne/
Behaviour
Modifies registry key
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Drops startup file
Loads dropped DLL
Reads user/profile data of web browsers
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments