MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20bd2c0698859a509073f5146c859cbbb126e5517f682c41865ec9ebc6d37107. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 20bd2c0698859a509073f5146c859cbbb126e5517f682c41865ec9ebc6d37107
SHA3-384 hash: 0cbfd600b341dc9f478ff60db9415e36b89c0e7a72956fca8b69d9aa47c60e030f14a2622b1b044394ca151666d9694f
SHA1 hash: 79492aabb325b2b3d5208512ba332bed0b7ca90c
MD5 hash: 530f03121f88fd864114d023e90c4ce5
humanhash: hydrogen-social-happy-network
File name: 20bd2c0698859a509073f5146c859cbbb126e5517f682c41865ec9ebc6d37107
File size: 398'848 bytes
First seen: 2020-03-25 08:28:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c6965e5aacc39299c42a5af86d1cb9cd
ssdeep: 6144:Rxabm6ijDJyQHHwIJ2FYhs+gZ8X7sbbnWJ/gIF+lmLrvGW4:TjJyQHHwIJ2qhIQsbkYIOovGW4
TLSH: D684C01179D18072D2B342B205B9ABA256BFFC321B355A9FA3944A8D1F741C1FA36733
Reporter: Threat_hunts

Intelligence


File Origin
# of uploads: 1
# of downloads: 82
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2019-08-23 12:29:23 UTC
AV detection: 28 of 31 (90.32%)
Threat level: 5/5
Verdict: malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high
CHECK_PIE | Missing Position-Independent Executable (PIE) Protection | high
Reviews
ID | Capabilities | Evidence
AUTH_API | Manipulates User Authorization | ADVAPI32.dll::GetSidLengthRequired, ADVAPI32.dll::ObjectDeleteAuditAlarmW
SECURITY_BASE_API | Uses Security Base API | ADVAPI32.dll::AccessCheckByTypeResultListAndAuditAlarmA, ADVAPI32.dll::ConvertToAutoInheritPrivateObjectSecurity, ADVAPI32.dll::CreatePrivateObjectSecurity, ADVAPI32.dll::SetSecurityDescriptorSacl
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::SetProcessShutdownParameters, KERNEL32.dll::OpenSemaphoreA, KERNEL32.dll::WriteProcessMemory, KERNEL32.dll::CloseHandle
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::FindNextVolumeA, KERNEL32.dll::GetCommModemStatus, KERNEL32.dll::GetFirmwareEnvironmentVariableW, KERNEL32.dll::LoadLibraryA, KERNEL32.dll::LoadLibraryExW
WIN_BASE_EXEC_API | Can Execute other programs | KERNEL32.dll::WriteConsoleW, KERNEL32.dll::WriteConsoleOutputCharacterA, KERNEL32.dll::ReadConsoleOutputCharacterA, KERNEL32.dll::ReadConsoleW, KERNEL32.dll::SetConsoleCP, KERNEL32.dll::SetStdHandle
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::CreateFileW, KERNEL32.dll::MoveFileWithProgressW, KERNEL32.dll::GetFileAttributesW, KERNEL32.dll::FindFirstFileA
WIN_BASE_USER_API | Retrieves Account Information | KERNEL32.dll::QueryDosDeviceA
WIN_REG_API | Can Manipulate Windows Registry | ADVAPI32.dll::RegConnectRegistryW, ADVAPI32.dll::RegDeleteKeyA, ADVAPI32.dll::RegOpenKeyExW, ADVAPI32.dll::RegQueryValueExA, ADVAPI32.dll::RegSaveKeyW
WIN_SVC_API | Can Manipulate Windows Services | ADVAPI32.dll::CreateServiceA, ADVAPI32.dll::QueryServiceConfigW, ADVAPI32.dll::RegisterServiceCtrlHandlerW, ADVAPI32.dll::StartServiceA

Comments