MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa9edd5569fc2940680fdec96cbeddd523ffe907acfabaf5db1e9283f7f227d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aa9edd5569fc2940680fdec96cbeddd523ffe907acfabaf5db1e9283f7f227d9
SHA3-384 hash: 0f31a52e79b4af8260256a53e6458f3bd73c9c79de71c22d5f4ecbb8dc8b821412a4df503143eeb90b1c7cf79b00ae71
SHA1 hash: 9dc1b641895316824deebf42456afb0f0715d462
MD5 hash: 02551409b7ae5444b74283c377d1812b
humanhash: equal-oxygen-comet-dakota
File name:bild_1.exe
Download: download sample
File size:2'516'480 bytes
First seen:2020-03-27 04:07:06 UTC
Last seen:2020-03-27 05:35:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 91802a615b3a5c4bcc05bc5f66a5b219 (18 x Glupteba, 6 x Rhadamanthys, 3 x CobaltStrike)
ssdeep 24576:rdBhI91vk1/G96Rr5wl+gtK8S066u1tBqxOstDf7rp4AiVoLGCZnK04zNqxmdHP8:rdI6wlSzqx1oJ3IcWoN4Gj
Threatray 44 similar samples on MalwareBazaar
TLSH 05C55950FDEB40F9EA07693158A7527F2330620A9736DEC3C6009EA6FD67AE15D33225
Reporter Jirehlov
Tags:exe Ransomware

Intelligence

File Origin
# of uploads :
3
# of downloads :
142
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Generic-7647403-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Filecoder
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 18:41:52 UTC
File Type:
PE (Exe)
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
188560c03f91098c43058a6afed5421527621e6586bfe3ffd7d1c9c89d8f5c6a
25e7a047b79eb049df4b60224a2812a80a7fafc54ff789abc84ee7154a887a3c
5ecae17b09c610045bcd3d9daec1b89178b4b1e6cdb9d0a50285166888087d71
8e0aea169927ae791dbafe063a567485d33154198cd539ee7efcd81a734ea325
aee048b20edd9abb8eff89b51d3c20e4ae4bfb9df25ca920cb9348f4d98ec3db
b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a
c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
d5d368c9ba295ef4c36fe1e02452418d14f27512fe153c2f16f7384ca60b3db4
e2115a42e4ef267a4484cbb5cd342ea5d12b26f93fb76f6ba92eed12129dd272
+ 34 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and Threadskernel32.dll::CloseHandle
kernel32.dll::CreateThread
WIN_BASE_APIUses Win Base APIkernel32.dll::LoadLibraryA
kernel32.dll::LoadLibraryW
kernel32.dll::GetSystemInfo
WIN_BASE_EXEC_APICan Execute other programskernel32.dll::WriteConsoleW
kernel32.dll::SetConsoleCtrlHandler
kernel32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create Fileskernel32.dll::GetSystemDirectoryA

Comments