MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Sugar


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9
SHA3-384 hash: c02b3b8763c938ca8bdec54545c75e12588b3e8ab2440cf079862948fe059d94d32c4ae63593ae5be66acad06e251933
SHA1 hash: 737457effda8ffe27dbdf28423f471c5574478f4
MD5 hash: 9b22e10431fe7b9bacf7781326cc31a5
humanhash: leopard-whiskey-pip-arizona
File name:09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9.bin
Download: download sample
Signature Sugar
Create hunting rule
File size:59'392 bytes
First seen:2022-02-03 01:11:59 UTC
Last seen:2022-02-03 02:55:25 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 29dc79e4c9ab8bfa299719f434758791 (3 x Sugar)
ssdeep 768:RHHVVSK0sK8OxR6SkYZwjMuuZalFOGc5ZQKkCcU9Xlupi4LrKmvTJ9VxGkwFelX:RnV4mmP2jI0OGbjCcUtlujLPxGkwAlX
TLSH T1C04301773D3928B0E7C717302917D8BAD6DA4B9455380A77A5701C8E3FB2BEA4133A14
Reporter Arkbird_SOLG
Tags:exe packed Ransomware Sugar

Intelligence

File Origin
# of uploads :
2
# of downloads :
495
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9.bin
Verdict:
Malicious activity
Analysis date:
2022-02-03 01:22:55 UTC
Tags:
evasion
Link:
https://app.any.run/tasks/33f85e47-a435-4308-acaa-79259a3d575c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/231407/
Detection(s):
SecuriteInfo.com.Trojan.Encoder.34595.2744.22071.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Сreating synchronization primitives
Creating a file in the %temp% directory
Sending an HTTP POST request
Searching for synchronization primitives
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/5822/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
filecoder packed
Link:
https://www.filescan.io/uploads/61fb2be618d1bfdde4ed7ed0/reports/460762a5-2262-4957-a0a2-8b0e663ee063/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Encoded01 Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/efab5e3a-5c41-4463-b2c4-330700e395bf
Result
Threat name:
Unknown
Detection:
malicious
Classification:
rans.evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/932926
Signature
Antivirus / Scanner detection for submitted sample
Creates files in the recycle bin to hide itself
Found string related to ransomware
Found Tor onion address
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Writes many files with high entropy
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9/
Threat name:
Win32.Ransomware.FileCryptor
Create hunting rule
Status:
Malicious
First seen:
2021-11-24 07:40:00 UTC
File Type:
PE (Exe)
AV detection:
34 of 43 (79.07%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bgwxfla65xxr52akvbl6gaawdpdqdiwqmecuap5x6omszpzxzc4q._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence ransomware spyware stealer
Link:
https://tria.ge/reports/220203-bkjr5scfd7/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies system certificate store
Drops file in Program Files directory
Drops file in Windows directory
Drops desktop.ini file(s)
Looks up external IP address via web service
Reads user/profile data of web browsers
Sets service image path in registry
Unpacked files
SH256 hash:
0f260472b032d48ce4652466f30bbc140c6e815afe01f0ee36ab32e4c545c3c4
MD5 hash:
fcfb78142b53714757afac3a279a680b
SHA1 hash:
c07e5747aee7166e503dc72d7fac2ebf76ddfcc8
Link:
https://www.unpac.me/results/c4cb7e61-5f07-4768-9ca1-bcfff9d8be49/
SH256 hash:
09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9
MD5 hash:
9b22e10431fe7b9bacf7781326cc31a5
SHA1 hash:
737457effda8ffe27dbdf28423f471c5574478f4
Link:
https://www.unpac.me/results/c4cb7e61-5f07-4768-9ca1-bcfff9d8be49/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/09ad72ac1eed/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.47
Link:
https://yomi.yoroi.company/submissions/09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb
Cape
Cape
https://www.capesandbox.com/analysis/231407/

Comments