MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 01157c3e056d2040250598bc9b4aac8b4ad8b7f2c595381d320290dd79b8317d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Winlock


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 01157c3e056d2040250598bc9b4aac8b4ad8b7f2c595381d320290dd79b8317d
SHA3-384 hash: 883abd0e6a5b1d6887c27bfc4d5d3ad1ab2571026ee49587c0e47b55c378c033da333fb2f9d37ddf1cfd3d1a44009182
SHA1 hash: 39a58879b0327145f5eb94caa83227564b11abde
MD5 hash: 09387dad1341f534ad51966168c0e4af
humanhash: hot-west-ohio-virginia
File name:wifihacker.exe
Download: download sample
Signature Winlock
Create hunting rule
File size:884'486 bytes
First seen:2020-04-15 09:03:16 UTC
Last seen:2023-05-14 18:43:28 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c9adc83b45e363b21cd6b11b5da0501f (82 x ArkeiStealer, 60 x RecordBreaker, 46 x RedLineStealer)
ssdeep 24576:sAT8QE+kNUwXIPg9i2PGb/tK8D2RvL2Jc8N9RI:sAI+uUwLOTtKO2RLBEI
Threatray 75 similar samples on MalwareBazaar
TLSH 31155961D2CCBDE5D42902B78C36F9352122EE54D5785C6B6CEA3826BAF31833476D0E
Reporter Jirehlov
Tags:exe Ransomware Winlock

Intelligence

File Origin
# of uploads :
2
# of downloads :
282
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.VBS.Dropper-6.UNOFFICIAL
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

SecuriteInfo.com.PSW.Generic8.ISF.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Diztakun
Create hunting rule
Status:
Malicious
First seen:
2020-04-15 09:15:19 UTC
File Type:
PE (Exe)
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aekxypqfnuqeajiftc6jwsvmrnfnrn7sywktqhjsakin26nygf6q._file
Verdict:
suspicious
Similar samples:
06c470803b445fa48419f5840100b63e2248b72e64c6c0ef47c44c07ff36d2a9
Winlock
30ee19d9f9b1e7c313c08903a1d5150461447f5fd989e82a982c1b6462698c4f
Winlock
341847d9c11face1487ab04072d6ddc5065a379011c6684e56e1f4fa8d8ab3f3
Winlock
3a7f7b56d9b3c6996f00bd40b7ff5d70e0ce858fc76cc0d89f603a26c34e9e5c
Winlock
7ee9786ce295430044ac02259ca43dd92a036f3146533b308dca24f87e05edd4
Winlock
aa0391688fb348eaa32856bcf0caca596177985f4dd9733f69ab2018ba8d1ff7
Winlock
cd2fb19598084681b5fe849bf1cdbabb07325de447d8150463d189440e10932d
Winlock
d5445db0317af2ab05690f7037065681f908b3ae4da8d53ff5160b6627d74aac
Winlock
d620778dbbcf11e3a293aeaaebac7b6a9a02e7d8790ca5ffa59bda1e9b9632f4
Winlock
fcac1c6c86cda94817da16feb772744ab591e3d1192955b32b074034ea122bf1
Winlock
+ 65 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/siri_urz/status/1250343299623206912

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User Authorizationadvapi32.dll::AllocateAndInitializeSid
advapi32.dll::EqualSid
advapi32.dll::FreeSid
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
MULTIMEDIA_APICan Play Multimediagdi32.dll::StretchDIBits
winmm.dll::timeKillEvent
winmm.dll::timeSetEvent
SECURITY_BASE_APIUses Security Base APIadvapi32.dll::AdjustTokenPrivileges
advapi32.dll::GetTokenInformation
SHELL_APIManipulates System Shellshell32.dll::ShellExecuteExA
shell32.dll::ShellExecuteA
shell32.dll::SHGetFileInfoA
WIN32_PROCESS_APICan Create Process and Threadsadvapi32.dll::OpenProcessToken
kernel32.dll::OpenProcess
advapi32.dll::OpenThreadToken
kernel32.dll::CloseHandle
WIN_BASE_APIUses Win Base APIkernel32.dll::TerminateProcess
kernel32.dll::LoadLibraryA
kernel32.dll::GetStartupInfoA
kernel32.dll::GetDiskFreeSpaceA
kernel32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programskernel32.dll::WinExec
WIN_BASE_IO_APICan Create Fileskernel32.dll::CreateDirectoryA
kernel32.dll::CreateFileA
kernel32.dll::DeleteFileA
kernel32.dll::GetWindowsDirectoryA
kernel32.dll::GetSystemDirectoryA
kernel32.dll::GetFileAttributesA
WIN_BASE_USER_APIRetrieves Account Informationkernel32.dll::GetComputerNameA
advapi32.dll::GetUserNameA
advapi32.dll::LookupPrivilegeValueA
WIN_REG_APICan Manipulate Windows Registryadvapi32.dll::RegCreateKeyExA
advapi32.dll::RegOpenKeyExA
advapi32.dll::RegQueryInfoKeyA
advapi32.dll::RegQueryValueExA
advapi32.dll::RegSetValueExA
WIN_USER_APIPerforms GUI Actionsuser32.dll::FindWindowA
user32.dll::PeekMessageA
user32.dll::CreateWindowExA

Comments