MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0424b503bc1150372d0e31c85f9cef36d0b656a7c0d3f59663e6a468d0d7ba00. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	0424b503bc1150372d0e31c85f9cef36d0b656a7c0d3f59663e6a468d0d7ba00
SHA3-384 hash:	e0ae137f395aba1f0d15729078304c8d25b89af51ea16fd55ac59f7b7833a72504e1098e0762793239626f368f7b2c23
SHA1 hash:	83ed6edfc0dde87bfe676f46c8220b514a0d512e
MD5 hash:	905a55905a4132acbed946901a37be64
humanhash:	helium-saturn-uniform-white
File name:	0424b503bc1150372d0e31c85f9cef36d0b656a7c0d3f59663e6a468d0d7ba00.exe
Download:	download sample
File size:	94'724 bytes
First seen:	2020-03-18 10:11:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f86dec4a80961955a89e7ed62046cc0e (94 x Dharma, 1 x Crysis)
ssdeep	1536:mBwl+KXpsqN5vlwWYyhY9S4AXoFaOV0Xt2lj730j/enn9tvfXpVcCu9du:Qw+asqN5aW/hLOYOVY2lj73QGvfXHxue
Threatray	9 similar samples on MalwareBazaar
TLSH	64939D28D920C535F8A310FFCBF659BDAD644B201307C5D797C02E89AB969D6F931A32
Reporter	fbgwls245
Tags:	Ransomware CrySis/Dharma .0day

Intelligence

File Origin

# of uploads :

# of downloads :

117

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Dharma-6668198-0

Gathering data

Threat name:

Win32.Trojan.Crysis

Status:

Malicious

First seen:

2020-03-19 03:56:12 UTC

AV detection:

43 of 45 (95.56%)

Threat level:

5/5

Verdict:

malicious

2d0eb35f04745646d8c6eb3d1ab1c3e8bc8c30f1a9dc0ad89ea260e898ed9d4e

2f2e75affe9217c7211043936678fb1777e2db4a8f1986b8805ddb1e84e9e99b

4ae809a33d01626e77dcfd591902815692405d2fa1f6ae7df13ca248507e4562

5d6ae98ae540507f758287d80f4379e529b912e00a629968a5a86807fd39d7b7

6985917d29596b66d9bbc745a13d5577110d9b0408719c5559d23dd59a9e4f0b

b23eb66e588b47a73b393c87467b0b2b0431d9d346368efeaa36a76c7877cd27

c855a83b6b0b51c9e9bc1b2676d5644f1c578b87734517ce63820ca33d155707

ea6bafd96818930f83200987d64c970ad03afcae9d69fbde9dd18f2ace154a99

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0424b503bc1150372d0e31c85f9cef36d0b656a7c0d3f59663e6a468d0d7ba00

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample