MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ef8e48bd72babfdc3e9c15309d8a3a2abab38907f6522c476c2e71bbc70402b8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 1


Intelligence 1 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ef8e48bd72babfdc3e9c15309d8a3a2abab38907f6522c476c2e71bbc70402b8
SHA3-384 hash: 9b346359dcefde8192f7523f3c6b793f1d7e12a7f4a0970e527f653bc4c4ae7a9a8e5cdf3c88fd398bfed3ff03770d12
SHA1 hash: d99a88a39558283b9438cd87336da0ca109f1f4c
MD5 hash: a53f2aed63e949f39d2dde702a8a35a6
humanhash: enemy-magnesium-fix-washington
File name:ef8e48bd72babfdc3e9c15309d8a3a2abab38907f6522c476c2e71bbc70402b8.bin
Download: download sample
File size:1'786'992 bytes
First seen:2020-06-01 14:29:07 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 40c00d65ce3b9e52dcb104dcda8b7ae1
ssdeep 24576:J+yqXNvkq0ZFc9/NRBt2vWurI4NWD5lswRakdWWawPstVamJH65VeT+bWOzqTgIz:A55t2vJKkVamNT6W8qTgBZ2T
Threatray 1 similar samples on MalwareBazaar
TLSH 07857C21E7D19078F8FA5076A2FE2BF648397C16932595DF52D035E849306E2373EB0A
Reporter Anonymous
Tags:NetWalker

Code Signing Certificate

Organisation:Sassafras Software Inc.
Issuer:COMODO RSA Extended Validation Code Signing CA
Algorithm:sha256WithRSAEncryption
Valid from:Jan 14 00:00:00 2020 GMT
Valid to:Jan 13 23:59:59 2021 GMT
Serial number: 4E5D0FE05373EC0D8B77DA3F72D8D50D
Thumbprint Algorithm:SHA256
Thumbprint: F99260F1DC879C8947D2D2EE8E0CC446BA356A2FBDC4EDF42DEF2D8FEBF58873
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Anonymous
Zero2Automated Course

Intelligence

File Origin
# of uploads :
1
# of downloads :
2'012
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Verdict:
unknown
Similar samples:
b05a3383d846cfb3c60eb9d4c494964e15defc9fc767263be629913240b42353
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/201109-wmsy9hgfms/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Drops file in Windows directory
Modifies service
Checks installed software on the system
Checks BIOS information in registry
Modifies AppInit DLL entries
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:with_sqlite
Create hunting rule
Author:Julian J. Gonzalez <info@seguridadparatodos.es>
Description:Rule to detect the presence of SQLite data in raw image
Reference:http://www.st2labs.com

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments