MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 028b0973984254fd79bbb23354eb03d61ffe1178d8e6acdf1d67804ead5d1351. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 028b0973984254fd79bbb23354eb03d61ffe1178d8e6acdf1d67804ead5d1351
SHA3-384 hash: d1be2e117a2f85a80814ba328eea85a7eb9dceb177de075dea60dc1c1bdcad31f99ecbc924ab353ed7976d306a9f6df2
SHA1 hash: 4fbf57c13fac326905633654e52e9508d6b90a03
MD5 hash: 31fba947981de81dc3387621d467bb98
humanhash: magnesium-cold-sierra-apart
File name:028b0973984254fd79bbb23354eb03d61ffe1178d8e6acdf1d67804ead5d1351
Download: download sample
File size:1'963'640 bytes
First seen:2022-04-19 23:48:50 UTC
Last seen:2022-04-20 10:20:27 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 789501f64a22394e849de5f3a037e51f
ssdeep 49152:4znltK5KPEIcu1vRIPy1PB7tdqqINLWD6F:4pdLIQqqINLWD6F
Threatray 39 similar samples on MalwareBazaar
TLSH T19C95F983BAC74DE6CAC667B896D343356338FD518B1E5F2F6608C2316D536C5AE4AB00
TrID 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
27.5% (.EXE) Win64 Executable (generic) (10523/12/4)
13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.3% (.EXE) OS/2 Executable (generic) (2029/13)
5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter Arkbird_SOLG
Tags:exe Ransomware

Intelligence

File Origin
# of uploads :
3
# of downloads :
417
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264741/
Detection(s):
SecuriteInfo.com.Artemis31FBA947981D.11708.7532.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug filecoder overlay spyeye
Link:
https://www.filescan.io/uploads/625f4a75ffe27d511910e577/reports/81aaa915-5f99-4112-9651-36744b091ea4/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/2c596dac-a8c6-4816-9209-1302b5a639f6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/979205
Signature
Found API chain indicative of debugger detection
Modifies existing user documents (likely ransomware behavior)
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/028b0973984254fd79bbb23354eb03d61ffe1178d8e6acdf1d67804ead5d1351/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2022-04-19 23:49:09 UTC
File Type:
PE+ (Exe)
AV detection:
15 of 26 (57.69%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
08e4ff0c3fd04510841e9f4e55ba0b3d2681d8f4c3405fd83dd9bbc4c2fa01d9
093f2b5a9d4628d9331751d7e6d3582cf097ab3f4091463ec895052dee8d22c3
4ff85ed4a6ed753731533acba81fb31b38923cea1eff55ea524b1a7cbc48bc3b
58c852525bf3bea185db34a79c2c5640c02f8291cdbdbe8dd7c0a9d4682f4b2c
66d2fe8e0af50d2d155608a4dfba701aa321fa7b83d5858a91f95f9bbc96f1d1
a3b2528b5e31ab1b82e68247a90ddce9a1237b2994ec739beb096f71d58e3d5b
d023f36a47d4d81491c3ffc7192669199441d7388c159f59414b3b5f137c519a
f5d920482e18df058cc0848a4e96d06af5322c05b3b61d3cf05800ab345d3edf
+ 29 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220419-3tznhacbal/
Unpacked files
SH256 hash:
028b0973984254fd79bbb23354eb03d61ffe1178d8e6acdf1d67804ead5d1351
MD5 hash:
31fba947981de81dc3387621d467bb98
SHA1 hash:
4fbf57c13fac326905633654e52e9508d6b90a03
Link:
https://www.unpac.me/results/e415be41-fde1-4a77-b278-9cc7f610389f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/028b0973984254fd79bbb23354eb03d61ffe1178d8e6acdf1d67804ead5d1351

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/Jirehlov/status/1516395116990111751
Cape
Cape
https://www.capesandbox.com/analysis/264741/

Comments