MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05276ad049558f6784fde853165a2e6de3c1a431dbf440c999108aa5e72c9c1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	05276ad049558f6784fde853165a2e6de3c1a431dbf440c999108aa5e72c9c1e
SHA3-384 hash:	5d229c1933c810c920465478e9ad0b28a6c84df23f363a44ace78f621201e939b7d3328b7586431647de708367e5f65e
SHA1 hash:	e9096f1e3bc27d6d55d100856d803875f6c3e8ea
MD5 hash:	3b4dc370de44b9e2fc626b389dd0e6b0
humanhash:	juliet-sodium-bakerloo-violet
File name:	3b4dc370de44b9e2fc626b389dd0e6b0.exe
Download:	download sample
File size:	542'720 bytes
First seen:	2022-06-05 08:10:58 UTC
Last seen:	2022-06-05 08:41:30 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	773b419b68ee85c7dc310a2c0760e050 (1 x GCleaner)
ssdeep	12288:aenDMpmpr8Nh66hFtnNgBD7NMMj1g9H2HBIK:DnQpy8NhJPqDJMMBg9H2l
Threatray	70 similar samples on MalwareBazaar
TLSH	T1F4B4022433F1C432E3B35F34497487502B3F746265749A8B2778CA6A7A752C2ABE5393
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	5c599a3ce0c1c850 (36 x RedLineStealer, 27 x Stop, 21 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

303

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

3b4dc370de44b9e2fc626b389dd0e6b0.exe

Verdict:

Malicious activity

Analysis date:

2022-06-05 08:27:52 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/af04d50a-5f6e-438d-bacb-f36870085182

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/276756/

Detection(s):

SecuriteInfo.com.Trojan.Pitou.17.18377.12053.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Rewriting of the hard drive's master boot record

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/629c65212acbe6fdfb613ae4/reports/56283297-1166-40a5-b304-9606764ba74e/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Pitou

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b3f53338-7072-4b5c-866d-39e71e234a8d

Result

Threat name:

Unknown

Detection:

malicious

Classification:

expl.evad

Score:

88 / 100

Link:

https://www.joesandbox.com/analysis/1006871

Signature

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/05276ad049558f6784fde853165a2e6de3c1a431dbf440c999108aa5e72c9c1e/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-06-02 10:56:21 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

22 of 26 (84.62%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=autwvucjkwhwpbh55bjrmwronxr4djbr3p2ebsmzccfklzzmtqpa._file

Verdict:

malicious

5ab2bd50c3c25890d4764206082ce96132b56cf2a84a576a102d52c364979cad

7488777dd491486b1aea7ec37b6131334f94bc3f90261d91f06a5156f0530232

770f8cd0cae0a7525234dfc5b25f21b90090513d3f80fa06e8c22107ca8bbe01

7bf8c9d0aecc3f364134783278f951da9017e5c7be35073f744ded5035bef142

7e95736b12f455cd096c0eff4a9dfa5b4e3c8108c55464447868ba4351e91fbb

b1a3602f2628080fa758575fba82bf62fd7de058055a9491f9eac87fda31a2e5

cab31c58eec5fac87df0c7cf52df12ab43280e4e8b9ee50fcde4017689c976b3

f40a47af762b5f2270be9a10058551c5a134a2f22210422ab53481569e08ac00

fae0a0d40cb12f14a4eeaee7171c948688bed15ec8718de8c65834023ecac97f

+ 60 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/220605-j3bs9addek/

Behaviour

Writes to the Master Boot Record (MBR)

Unpacked files

SH256 hash:

84e72630846de776f4fca099faca59500751e877ef1e9e0f4c9ff73292f44b43

MD5 hash:

ce5b0d18a6bba7f3c206ae567723968a

SHA1 hash:

71691165b0e385fa616e59fb1af3021d511b4db5

Link:

https://www.unpac.me/results/0f986ba5-3658-4c70-9946-a569c24d88d9/

SH256 hash:

05276ad049558f6784fde853165a2e6de3c1a431dbf440c999108aa5e72c9c1e

MD5 hash:

3b4dc370de44b9e2fc626b389dd0e6b0

SHA1 hash:

e9096f1e3bc27d6d55d100856d803875f6c3e8ea

Link:

https://www.unpac.me/results/0f986ba5-3658-4c70-9946-a569c24d88d9/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/05276ad04955/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/05276ad049558f6784fde853165a2e6de3c1a431dbf440c999108aa5e72c9c1e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/276756/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample