MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1841ca56006417e6220a857f66c8e6539502d5e9f539cf337b83a25c15d17a50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Hive


Vendor detections: 9



SHA256 hash: 1841ca56006417e6220a857f66c8e6539502d5e9f539cf337b83a25c15d17a50
SHA3-384 hash: dc2360056e25017d3862fca1a46167077d15888f496839d42367155967150dfefcdd03e9d53a120dea51b49717c2c24c
SHA1 hash: d97928ab63122dc85cc1633adf47ab7e44cac0b4
MD5 hash: f4e74e382502d391bcbec89cc8437fa8
humanhash: friend-sixteen-nine-uranus
File name: 1841ca56006417e6220a857f66c8e6539502d5e9f539cf337b83a25c15d17a50
Signature: Hive
File size: 431'616 bytes
First seen: 2022-03-28 21:03:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a7031d65caab126e7655c41f3a209a13 (4 x Hive)
ssdeep: 6144:yVFiqeniuHH1rd4pYCYfvZvJ5T25ztiOWGM/gRQRE383g2eefM9nutc:KF7eb1rd4pYC2v2Bv83RdfM
Threatray: 2 similar samples on MalwareBazaar
TLSH: T1B9943903F6A250ACC0AAC1788367A633F9727C0D46357ABB1BD0FA712F65B50A72D715
Reporter: Arkbird_SOLG
Tags: exe Hive Ransomware

Intelligence


File Origin
# of uploads: 1
# of downloads: 427
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug filecoder ransomware
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 598704. Sample: 9Fm2V26v8G; start date: 28/03/2022; architecture: WINDOWS; score: 48; signature: Multi AV Scanner detection for submitted file. Process tree: 9Fm2V26v8G.exe started conhost.exe.]
Threat name: Win64.Ransomware.Hive
Status: Malicious
First seen: 2022-03-28 21:04:08 UTC
File Type: PE+ (Exe)
AV detection: 23 of 42 (54.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 1841ca56006417e6220a857f66c8e6539502d5e9f539cf337b83a25c15d17a50
MD5 hash: f4e74e382502d391bcbec89cc8437fa8
SHA1 hash: d97928ab63122dc85cc1633adf47ab7e44cac0b4
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments