MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Hive


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc
SHA3-384 hash: cc92a5dbd2220266de36d4f1cc8b43f00f21e6b1e200982027b9abfaa67c32cd9f2afce5994d7f13ba63aec0276383c9
SHA1 hash: 0bbde5e6b3aefc33014ec3c1f1e61d8664a33a75
MD5 hash: 23f82ce9f5f8e02614b31cc0810e0d5f
humanhash: lion-pluto-fish-texas
File name:206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc
Download: download sample
Signature Hive
Create hunting rule
File size:425'998 bytes
First seen:2022-04-14 14:59:13 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d6247b74ff5623cf80dd1bb6359eeaea (7 x Hive)
ssdeep 6144:uBi1E8KajuJy9wZv46fuv1Y3JexJARe3L3htJrYyix/lyh4C1eLVa5wcHTC4p8eC:oyz9YOAozJUUh48eUGcHTDaI3dm/
Threatray 10 similar samples on MalwareBazaar
TLSH T1F3948C05F983D6BEC863587014BFF23BE630591D4102CF6BEFE59D74BA2AB50960960E
TrID 38.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
13.0% (.EXE) Win64 Executable (generic) (10523/12/4)
8.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
Reporter Arkbird_SOLG
Tags:exe Hive Ransomware

Intelligence

File Origin
# of uploads :
1
# of downloads :
498
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
sample.exe
Verdict:
Malicious activity
Analysis date:
2022-04-13 06:49:38 UTC
Tags:
ransomware stealer
Link:
https://app.any.run/tasks/308ae2a3-850b-4e48-9784-8e05038e6344

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/263785/
Detection(s):
SecuriteInfo.com.Variant.Lazy.156160.32515.30325.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/13890/overview
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionQueryPerformanceCounter
EvasionGetTickCount
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug expand.exe filecoder overlay
Link:
https://www.filescan.io/uploads/625836f5482f2f41caaebc97/reports/d090d355-398b-47ee-bdee-5eceb99142de/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Hive
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8642d78d-04b4-45a8-8d9b-f96e30eed77c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/976997
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 609480 Sample: sUBX1bJQbo Startdate: 14/04/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 sUBX1bJQbo.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc/
Threat name:
Win32.Ransomware.Hive
Create hunting rule
Status:
Malicious
First seen:
2022-04-07 16:32:45 UTC
File Type:
PE (Exe)
AV detection:
24 of 42 (57.14%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ebw6oucyu7p2bolhqslfxkvwhijx6lujvf7geocc47ilwpysyl6a._file
Verdict:
malicious
Similar samples:
0a30c895bad0069f233ff2fe4c57e3dffaf233e892fb25fdb21cf312d9c8f8b4
Hive
382da46b770736639b495071c4c5a0b139eb486583b7b9548274ce6e4f663cb8
Hive
545a22b900104571ca0718336c6dfe37574263f1670d55835859b30f9776b028
Hive
5b6a9081d7742747a08d04a8f3dff31de71c4811b3b892e4b0f282780e60d741
Hive
8b8814921dc2b2cb6ea3cfc7295803c72088092418527c09b680332c92c33f1f
Hive
bd7f4d6a3f224536879cca70b940b16251c56707124d52fb09ad828a889648cd
Hive
c931c14c4932cb7155bd9b6d5afc29a244f98a25f989ffd12db2850324606941
Hive
Result
Malware family:
hive
Create hunting rule
Score:
  10/10
Tags:
family:hive
Link:
https://tria.ge/reports/220414-sdaz4adbdj/
Unpacked files
SH256 hash:
206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc
MD5 hash:
23f82ce9f5f8e02614b31cc0810e0d5f
SHA1 hash:
0bbde5e6b3aefc33014ec3c1f1e61d8664a33a75
Link:
https://www.unpac.me/results/98d51695-a593-49df-a0c6-736d524fe7f7/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/206de75058a7dfa0b96784965baab63a137f2e89a97e623842e7d0bb3f12c2fc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/rivitna2/status/1514552342519107584
Cape
Cape
https://www.capesandbox.com/analysis/263785/

Comments