MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd49c58defedd1594ad6c93c1019385e171e10bede1995eecd74540debfd942c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: cd49c58defedd1594ad6c93c1019385e171e10bede1995eecd74540debfd942c
SHA3-384 hash: ee6e0505e3bee156a48f6e343131badc069b417a7a27014c5564e6b6b38d9e5ccf8f2f7a2d11600f6dc0c8976b46e18b
SHA1 hash: 35bad8d66c79af9dabdcdd8dcebfc0440efc42a1
MD5 hash: a239735cddd49236ae3562d43d83a8e4
humanhash: fish-apart-bulldog-foxtrot
File name: cd49c58defedd1594ad6c93c1019385e171e10bede1995eecd74540debfd942c
File size: 2'563'072 bytes
First seen: 2020-09-17 17:12:37 UTC
Last seen: 2020-09-17 18:11:30 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 91802a615b3a5c4bcc05bc5f66a5b219 (18 x Glupteba, 6 x Rhadamanthys, 3 x CobaltStrike)
ssdeep: 49152:czlsjR3QZgRWsu1s8thudV3HGSQFsBL55:Q2aiRWs+1Uo2
TLSH: C2C53B13FCE204FEC17EF17186919722BAB2396543327B875F9459A52A25FE4BE2D300
Reporter: JAMESWT_WT
Tags: golang Ransomware smaug

Intelligence


File Origin
# of uploads: 2
# of downloads: 191
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Creating a file
Creating a file in the Program Files subdirectories
Encrypting user's files

Result
Threat name: Unknown
Detection: malicious
Classification: rans
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Writes many files with high entropy
Behaviour
Behavior Graph:

Threat name: Win64.Ransomware.FileCoder
Status: Malicious
First seen: 2020-09-16 09:45:14 UTC
File Type: PE+ (Exe)
AV detection: 19 of 29 (65.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
JavaScript code in executable

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments