MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
SHA3-384 hash: 0a0f81ac5c9a8fa49bc1cc7eff8ddae4ad23da36208b717ecb73b4677785c4d908ebdd0d410b29911d9fdf6d42355b2a
SHA1 hash: 34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
MD5 hash: 71b6a493388e7d0b40c83ce903bc6b04
humanhash: michigan-twenty-december-papa
File name:iec56w4ibovnb4wc.onion_Library__Ransomeware__NotPetya.bin.malw
Download: download sample
File size:362'360 bytes
First seen:2020-03-18 22:41:09 UTC
Last seen:2025-11-16 15:53:25 UTC
File type:DLL dll
MIME type:application/x-dosexec
imphash 52dd60b5f3c9e2f17c2e303e8c8d4eab (1 x Petya)
ssdeep 6144:y/Bt80VmNTBo/x95ZjAetGDN3VFNq7pC+9OqFoK30b3ni5rdQY/CdUOs2:y/X4NTS/x9jNG+w+9OqFoK323qdQYKUG
Threatray 13 similar samples on MalwareBazaar
TLSH BC74126171C341B2F1F38A3455CAB75B8FFDE06687B065CECA2B1A0A1821746F739297
Reporter ov3rflow1
Tags:malw

Code Signing Certificate

Organisation:Microsoft Code Signing PCA
Issuer:Microsoft Root Authority
Algorithm:sha1WithRSA
Valid from:Aug 22 22:31:02 2007 GMT
Valid to:Aug 25 07:00:00 2012 GMT
Serial number: 2EAB11DC50FF5C9DCBC0
Intelligence: 22 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: DBD5BD417B78886EDC1574F5E872F3E1C0B07522B6881B95B6DD872AEDBEB30D
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
4
# of downloads :
385
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Exploit.CVE_2017_0147-6331310-0
Create hunting rule

Win.Exploit.CVE_2017_0145-6331313-0
Create hunting rule

Win.Ransomware.Nyetya-6331387-0
Create hunting rule

Win.Ransomware.Petya-6331314-1
Create hunting rule

Win.Ransomware.Nyetya-6331388-0
Create hunting rule

Win.Ransomware.Nyetya-6331649-2
Create hunting rule

Win.Malware.Nyetya-6356681-0
Create hunting rule

MiscreantPunch.EvilEXE.NotPetya.UNOFFICIAL
Create hunting rule

Result
Threat name:
Petya / NotPetya Mimikatz
Create hunting rule
Detection:
malicious
Classification:
rans.spre.troj.spyw.expl.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/339451
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.CVE-2017-0147
Create hunting rule
Status:
Malicious
First seen:
2017-06-27 11:01:58 UTC
File Type:
PE (Dll)
Extracted files:
2
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
05fe1601534d962e745acf8c0c577a2dbf87be8e62ea6672be043605d5906716
389518ac65595ad9138b5dd0185aae851d979d4705d74f191492f002e63438c5
3917759ae65f10aec4f9d5e5628fead573d8f3b4bba59a8f1fcd6692ec563436
51c8e10c77c9f131b207be4bff0e37a09cf4f24b3b941416ae22bc438d1730c4
767781b11adfbea680b8b77538ce011bbec0e3e3bb25df6d72b19344a4afa3f2
7c267f393664ccc38c7a4fb521587e77db7fc7e3a157a9ef5c19783f03a67c76
872c6f0c21cc04decb1b21636a3c5bf3f128dff7d4c43500cd56dd8f24d8a54a
9d6bc6e4160de2b643944978e6417707742e0d289dbf967bac789d79b67c920c
bcd9aa0b18caf74a7d771c9802cdbb4f05a810c29c2d093252f004564fe4ed2b
bf63837b5da7be5191e1c0b79a827ce8649971297f355845ae968cc44c7d9162
+ 3 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Ransomware
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
  
URLhaus
https://urlhaus.abuse.ch/url/355029/

Comments