MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342
SHA3-384 hash: c2ddda448a54df0ce1f3983ea6f01bcd115d0ebfe18ebf911111123d5a3ffe6a433bdb6661c8a8b3082890a853e2a66c
SHA1 hash: ce651b549e945fab1ffbced06c671c8f050b5018
MD5 hash: da66cbc9ae879173f9e38d51a2cffdb8
humanhash: robert-sixteen-fillet-carolina
File name:file
Download: download sample
File size:142'336 bytes
First seen:2020-03-01 15:43:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 34fc9f1d705d6f6d4e6c04b364ef13e0 (9 x GandCrab)
ssdeep 1536:JLMVCWvZ8URtqOz3d+1Qs6H9Mk2e3E2avMWC3yMgYxf6+okbdWsWjcdpECaIxWzX:VM9ntZ3s1QJdnU2SQdf64ZZSCaIxWec
Threatray 38 similar samples on MalwareBazaar
TLSH 21D35C22B2D08023D1F7B231D0B4793549DEFE365865781BA3E4176E2D244D2AE2DF9B
Reporter johannes
Tags:Gandcrab


Avatar
viql
gandcrab via https://pastebin.com/raw/kiaJURuJ

Intelligence

File Origin
# of uploads :
1
# of downloads :
740
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Ransomware.Gandcrab-6667060-0
Create hunting rule

Win.Malware.Razy-6829823-0
Create hunting rule

MiscreantPunch.SingleXOR.EXE.24.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Gandcrab
Create hunting rule
Status:
Malicious
First seen:
2018-10-31 02:22:50 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
45 of 47 (95.74%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
068b5967c8901d4f7900792a99b2b68ce9e7a1afb59bd54fa6f1521b66abe5dd
0fad781290e1db5165942e6d7254edf797efcb2dc7712963286e054065be4ec1
2f2a4a900557ab71b03b6c026acaeb9f0e2d23f681c5d0ea58a9b0c493721312
49b769536224f160b6087dc866edf6445531c6136ab76b9d5079ce622b043200
52f2b6380b492c175837418285cbefa51f1de3187d00c01383bb5f9ca4ebe7db
64d341ecbc52f9d78080bf23559ec1778824979dd19498ee44032ec1d5224ff6
76c39773f1b2801f46d8856d7ad46b97ef500ac07febec3f0bcf623c326aea87
872bf2c276fe3242513c2ed1b254a5ab3c0dea273dde944c05b711697811753f
a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926
a81d350afaf97cc038b3f20b46d4757150d7854df5e56780326f91bc7d4fd215
+ 28 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 098aad386b0f549cefddf2001dba9f31f40d88a3618cd3a8d5589b4b0b467342

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/73080/
  
URLhaus
https://urlhaus.abuse.ch/url/57567/
  
URLhaus
https://urlhaus.abuse.ch/url/54894/
  
URLhaus
https://urlhaus.abuse.ch/url/80352/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::GetSidSubAuthorityCount
ADVAPI32.dll::GetSidSubAuthority
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::GetTokenInformation
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
SHELL32.dll::ShellExecuteExW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::OpenProcess
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::CloseHandle
WININET.dll::InternetCloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetDriveTypeW
KERNEL32.dll::GetDriveTypeA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CreateFileW
KERNEL32.dll::MoveFileExW
KERNEL32.dll::GetWindowsDirectoryW
KERNEL32.dll::GetSystemDirectoryW
KERNEL32.dll::FindFirstFileW
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameW
ADVAPI32.dll::GetUserNameW
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextW
ADVAPI32.dll::CryptEncrypt
ADVAPI32.dll::CryptExportKey
ADVAPI32.dll::CryptGenKey
ADVAPI32.dll::CryptImportKey
WIN_NETWORK_APISupports Windows NetworkingMPR.dll::WNetEnumResourceW
MPR.dll::WNetOpenEnumW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::CreateWindowStationW

Comments