MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e04cdba2c9443b7a859fb328cf19fecd73b6a91d0964b405d56a42ee0721c671. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


LockBit


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e04cdba2c9443b7a859fb328cf19fecd73b6a91d0964b405d56a42ee0721c671
SHA3-384 hash: 9aaec2e2ea72e25ea80c3383de8f6fa397271549f60c027f3f37e5403933c57f19fa51d658529f5e83abd3fe59665768
SHA1 hash: 5bf37573ba0ad897f57f636e7a98aaa24717ab32
MD5 hash: 85b2a7f42dff2d06d9b80acbde26de71
humanhash: bluebird-indigo-pasta-mango
File name:85b2a7f42dff2d06d9b80acbde26de71.exe
Download: download sample
Signature LockBit
Create hunting rule
File size:686'592 bytes
First seen:2020-03-31 11:57:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash dc23b4fa73a8645d2cdcb79c320ed34d (1 x LockBit)
ssdeep 12288:A3uIyqWtM1lLMCbXV+kQmlrYezd52Xj/o9BMy5P1wssL6LxbUip41R9tdJsBXsVX:AxWtcIiM7O3zvCj/+Bbtwss+eW4FJsBg
Threatray 7 similar samples on MalwareBazaar
TLSH 65E42373D5638750C720967E22A7A200DF098B66565B9FA33BEFE78B9FC43471B29104
Reporter f0wlsec
Tags:exe lockbit PE Ransomware

Intelligence

File Origin
# of uploads :
1
# of downloads :
2'522
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Packer.Mpress-7
Create hunting rule

Win.Ransomware.Wanna-7618501-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kizi
Create hunting rule
Status:
Malicious
First seen:
2020-03-07 23:38:20 UTC
File Type:
PE (Exe)
Extracted files:
23
AV detection:
28 of 31 (90.32%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
0f9626653c8358d4e8315b97feafe2ed604ff67a9a159d47219685b2e15c1665
LockBit
64dc4778b395fe6ba6b4911bb39d41dc2a1d5cb0655c0f369b25b5e38f0e27ec
LockBit
9631ffcc8769d5ea6582646908a7a7e795cfee8d4fdaa3f1559deefb45ee6934
LockBit
9b071bb883d03ad019622019118ed94894f8471ec7bff4982acc87267a552c68
LockBit
a1b6faa0465ec8bf30e3450f9679f121ff9e724257577c38c813b77e82e1f42f
LockBit
bec4fa4086e8913a708a4bacb710b4f88f82082a2d282641b24af1f31e6652b9
LockBit
e2136c8268bb5be4fe2a295a9bb9250c00437452cd3d65822290e3a68b1fb94b
LockBit
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

anyrun
any.run
https://app.any.run/tasks/d216389a-5ca6-4a01-9668-ee53f28a1497/
  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System Shellshell32.dll::ShellExecuteW
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegLoadKeyW

Comments