MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3
SHA3-384 hash: 6f04581de504d67a066a2978419a3031e2f2a5610baf571bc8f41f313ac366c9f971c736f31bfe09ce53637be47b6202
SHA1 hash: 65493334787367a831e5f8d7f59fc314fa4ee164
MD5 hash: 77e81b2404035f0e2960c1cc79c5817e
humanhash: zebra-fanta-ink-cup
File name:SecuriteInfo.com.Mal.EncPk-APW.10913.25582
Download: download sample
File size:1'089'024 bytes
First seen:2020-11-25 12:55:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 549411e56705d63159cfdcea33bc8504
ssdeep 12288:4MX56RRLIWi+4H0pKsKapJRU+jLt10Z51WR6/9P057o28:5CQxsRpzUkC/9PcoX
Threatray 2 similar samples on MalwareBazaar
TLSH 62359D7CD7029817F2AC2BB062E36B1535329CE47261011A96B35FDE3E9A7B87E17740
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/546930
Signature
Antivirus detection for URL or domain
Contains functionality to detect sleep reduction / modifications
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 322560 Sample: SecuriteInfo.com.Mal.EncPk-... Startdate: 25/11/2020 Architecture: WINDOWS Score: 92 32 g.msn.com 2->32 36 Multi AV Scanner detection for domain / URL 2->36 38 Antivirus detection for URL or domain 2->38 40 Multi AV Scanner detection for submitted file 2->40 42 2 other signatures 2->42 8 SecuriteInfo.com.Mal.EncPk-APW.10913.exe 15 2->8         started        signatures3 process4 dnsIp5 34 4cnx9s25gsvw.top 8->34 44 Detected unpacking (changes PE section rights) 8->44 46 Detected unpacking (overwrites its own PE header) 8->46 48 Contains functionality to detect sleep reduction / modifications 8->48 12 cmd.exe 1 8->12         started        14 cmd.exe 1 8->14         started        16 cmd.exe 1 8->16         started        signatures6 process7 process8 18 conhost.exe 12->18         started        20 reg.exe 1 1 12->20         started        22 timeout.exe 1 12->22         started        24 conhost.exe 14->24         started        26 reg.exe 1 1 14->26         started        28 conhost.exe 16->28         started        30 timeout.exe 1 16->30         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3/
Threat name:
Win32.Trojan.Glupteba
Create hunting rule
Status:
Malicious
First seen:
2020-11-25 12:56:07 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
3461afe65091162758a5b7674b8ed0dfa30aab0872208172254abbeb1865c421
854d167ff218c5caa012baaa7bb80a2bfdd1ec9c4c6b3a66bef57240ade29422
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/201125-atjdda3hxn/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Delays execution with timeout.exe
Suspicious behavior: RenamesItself
Program crash
Unpacked files
SH256 hash:
f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3
MD5 hash:
77e81b2404035f0e2960c1cc79c5817e
SHA1 hash:
65493334787367a831e5f8d7f59fc314fa4ee164
Link:
https://www.unpac.me/results/e7d30272-ec0e-49dd-be31-62cada07d8f3/
SH256 hash:
59c92d833cc87db3d81c870977bce1a50f3408c98c574b8e0b3a241fd55a7c28
MD5 hash:
f339fd4aa72de137efb35668768a2b89
SHA1 hash:
9686d7cbb04bbfb5ad672b5b4e4b788ab5d29db8
Link:
https://www.unpac.me/results/e7d30272-ec0e-49dd-be31-62cada07d8f3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Glupteba
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f9e951a510a200a8660f3136cac9fed1d5566f9f89769178734fcbda3f9817b3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/852811/
  
Delivery method
Distributed via web download

Comments