MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9056b5596854e3473033e3b28577c83a70f1b5be20e4b1cf529688ad7591b70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: e9056b5596854e3473033e3b28577c83a70f1b5be20e4b1cf529688ad7591b70
SHA3-384 hash: e2ec7dbeb8b5bd7d1a92fad52bf6c634b82c0a67b288a314b51a2bbca4cca095daa1b84ec03aeb9bd96dbfd8eaefab21
SHA1 hash: 66667fc7c218d4d07adea4092d7b94861eaf168c
MD5 hash: d32ff14c37b0b7e6c554ce3de5a85454
humanhash: robin-william-georgia-tennessee
File name: video_driver.exe
File size: 794'801 bytes
First seen: 2020-05-06 21:02:54 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: e3ac6f0086cfc9c262d58f98094f8199
ssdeep: 24576:xD2lHV4a/G9x1UhjU+EwhrrngwmsemZEqda7E:VGHV477/bornT9xZddx
Threatray: 307 similar samples on MalwareBazaar
TLSH: 46F46D113AF6C3B7C14201318E1B67B59BB5F75D0BA0498B63528B2F2A35BF1863D91E
Reporter: mer0x36
Tags: 7z Ransomware vcrypt


mer0x36
VCrypt ransomware basically uses 7z to compress victim's files with a password.

Intelligence


File Origin
# of uploads: 1
# of downloads: 187
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Vcrypt
Status: Malicious
First seen: 2020-05-05 01:04:53 UTC
File Type: PE (Exe)
Extracted files: 5
AV detection: 25 of 31 (80.65%)
Threat level: 2/5
Result
Malware family: n/a
Score: 8/10
Tags: persistence ransomware
Behaviour
Modifies Control Panel
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Sets desktop wallpaper using registry
Adds Run key to start application
Enumerates connected drives
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
