MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


YoungLotus


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa
SHA3-384 hash: c2e377ba0bdcc77e4445155531b2d1ab3dcba0d3110a0d19c1bfe0f63127cca58d39394b70e69ab18804cab4334d1142
SHA1 hash: 60534147c1e80845d7efb7168b22a938b87340e8
MD5 hash: aa307fa2ceddb48e87325d2e6c5044ef
humanhash: echo-venus-lemon-kansas
File name:hpqhvsei.dll
Download: download sample
Signature YoungLotus
Create hunting rule
File size:929'280 bytes
First seen:2021-02-12 10:32:51 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 1c7e6223b16bbee134582bfa1fca4130 (2 x YoungLotus)
ssdeep 12288:OGn/eW8j2gQx5E0Ye8xJT56z0FNImlIfMi+v7zJYOJxk:1fgQY0Ye8xJAzH+v7z6OPk
Threatray 7 similar samples on MalwareBazaar
TLSH 56154B91A682903EE4BB3F321C74B6B21F6D79A03B6697D3134416321FA52C1EE31F56
Reporter r3dbU7z
Tags:dll younglotus

Intelligence

File Origin
# of uploads :
1
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/116912/
Detection(s):
PUA.Win.Adware.Domaiq-6840275-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/606674
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 352369 Sample: hpqhvsei.dll Startdate: 12/02/2021 Architecture: WINDOWS Score: 60 17 Antivirus / Scanner detection for submitted sample 2->17 19 Multi AV Scanner detection for submitted file 2->19 21 Machine Learning detection for sample 2->21 6 loaddll32.exe 2 1 2->6         started        9 loaddll32.exe 1 2->9         started        process3 dnsIp4 15 45.199.111.218, 49734, 80 DXTL-HKDXTLTseungKwanOServiceHK Seychelles 6->15 11 rundll32.exe 6->11         started        13 conhost.exe 9->13         started        process5
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa/
Threat name:
Win32.Trojan.Johnnie
Create hunting rule
Status:
Malicious
First seen:
2020-06-22 07:50:00 UTC
AV detection:
19 of 27 (70.37%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7qcdrat64zj3bacloxrqxf6u7zebqceb5us4li6vxg5u7rtj6kva._file
Verdict:
malicious
Similar samples:
013dbddaecc4f28bf053ce1643c4acdc992b74d1fe7d53c76419a28804dd7ac8
YoungLotus
5bfa97b6f9a50bd8062d57b59590dfc0ae18b2b810d102e41c40042a253b8168
YoungLotus
66999fd9719e48bd2f4b67e3bffcc90c075e6b2bf8492e2e74c92719d903272b
YoungLotus
7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7
YoungLotus
9f1052a754dc0ff5aa1689b68581b845996b9ee8cb94d4382ceebb0dfbaa0231
YoungLotus
b2fb16cdb1700f495f93d93ff1ec622581c0e829f617932767cd926dbaee6d76
YoungLotus
b65776ee765163d76689852aa6e04a614663c762a2ffca103f5faa4cdb5759fd
YoungLotus
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/210212-djsqk6evzj/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Unpacked files
SH256 hash:
448a7c23ef214047b78a45504d8e90c66f88a06c7c6ae6994de76c1ea86e73cc
MD5 hash:
764ce39378bdb778a1e72db11f23d556
SHA1 hash:
bcc632174d7d837d239707e5f5eff44a9876b287
Detections:
win_younglotus_g0
Create hunting rule
win_younglotus_auto
Create hunting rule
Link:
https://www.unpac.me/results/bd67af5f-2b48-472d-9db2-7a763d472951/
Parent samples :
1a0f50a527dbb9c27e7a740bdc2e34223ebe580679c832005a880e7cbd68ae42
b65776ee765163d76689852aa6e04a614663c762a2ffca103f5faa4cdb5759fd
b2fb16cdb1700f495f93d93ff1ec622581c0e829f617932767cd926dbaee6d76
5bfa97b6f9a50bd8062d57b59590dfc0ae18b2b810d102e41c40042a253b8168
7519ecc88854cf96e369f110243fec46fbf20e8d1259ffaee06ef865f59a3aa7
fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa
SH256 hash:
fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa
MD5 hash:
aa307fa2ceddb48e87325d2e6c5044ef
SHA1 hash:
60534147c1e80845d7efb7168b22a938b87340e8
Link:
https://www.unpac.me/results/bd67af5f-2b48-472d-9db2-7a763d472951/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fc0438827ee653b0804b75e30b97d4fe48180881ed25c5a3d5b9bb4fc669f2aa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_younglotus_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/116912/

Comments