MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e451125eaebac5760c2f3f24cc8112345013597fb6d1b7b1c167001b17d3f9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



TeslaCrypt


Vendor detections: 6



SHA256 hash: 0e451125eaebac5760c2f3f24cc8112345013597fb6d1b7b1c167001b17d3f9f
SHA3-384 hash: 303c208344cfd9f8cee22e05ae27a14f55efd4c9be8146073c756867e5746b8f5faba65ab7cb01b06375fd6aa39e9723
SHA1 hash: c51d97e76b018918504533ffdc05b06bae420912
MD5 hash: e5fabe055ae746e2f4af55a8a5f790ee
humanhash: maryland-beryllium-bacon-blossom
File name: 0e451125eaebac5760c2f3f24cc8112345013597fb6d1b7b1c167001b17d3f9f
Signature: TeslaCrypt
File size: 1'127'424 bytes
First seen: 2021-02-09 10:22:56 UTC
Last seen: 2021-02-09 12:00:24 UTC
File type: DLL dll
MIME type: application/x-dosexec
imphash: dae02f32a21e03ce65412f6e56942daa (123 x YellowCockatoo, 60 x CobaltStrike, 44 x JanelaRAT)
ssdeep: 1536:vvU+JJ4TUuGy5j2x5K0P4oknAbQxPku0WcRTCIgi8lFPcxsdaY/LOnr+styUaSsd:vva89yhfHn3
Threatray: 4 similar samples on MalwareBazaar
TLSH: C335EC3C99D9623786BAD2B5E5E295CFFD95660330256C0E88D703810A2BF977DC212F
Reporter: JAMESWT_WT

Intelligence


File Origin
# of uploads: 2
# of downloads: 100
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Sending a UDP request
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
.NET source code contains very large strings
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Threat name: Win32.Ransomware.TeslaCrypt
Status: Malicious
First seen: 2020-11-27 07:34:00 UTC
File Type: PE (.Net Dll)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SHA256 hash: 0e451125eaebac5760c2f3f24cc8112345013597fb6d1b7b1c167001b17d3f9f
MD5 hash: e5fabe055ae746e2f4af55a8a5f790ee
SHA1 hash: c51d97e76b018918504533ffdc05b06bae420912
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
