MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ransomware.Petya

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739
SHA3-384 hash:	8c09e2b3af7ffd1e25b9982d1a033bb79a442d5dd0dbb07bc1d3f59aeb5544132c41023174a71ca54b2718e23a9288e4
SHA1 hash:	39b6d40906c7f7f080e6befa93324dddadcbd9fa
MD5 hash:	af2379cc4d607a45ac44d62135fb7015
humanhash:	lima-hydrogen-mars-august
File name:	Minecraft Premium Generator.exe
Download:	download sample
Signature	Ransomware.Petya Create hunting rule
File size:	230'912 bytes
First seen:	2020-09-08 15:16:35 UTC
Last seen:	2025-05-07 11:22:45 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	1a63922d5931d1bb8ca5188313f78eaa (1 x Ransomware.Petya, 1 x Worm.Ramnit)
ssdeep	6144:DCyjXhd1mialK+qoNr8PxtZE6x5v+k6f:rjXhd8ZlKOrMZE6x5b6f
TLSH	FF349C2276E0847DFAB306378CFD36759ABDF9714931890B33C50A0E79605E1A63A763
Reporter	srcr
Tags:	Levis228

Intelligence

File Origin

# of uploads :

# of downloads :

593

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57962/

Detection(s):

Win.Trojan.Petya-5637914-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

BSOD occurred

Low-level writing

Rewriting of the hard drive's master boot record

Result

Threat name:

Petya

Detection:

malicious

Classification:

rans.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/446479

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to change the desktop window for a process (likely to hide graphical interactions)

Contains functionality to infect the boot sector

Found Tor onion address

Infects the boot sector of the hard disk

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Performs an instant shutdown (NtRaiseHardError)

Writes data at the end of the disk (often used by bootkits to hide malicious code)

Writes directly to the primary disk partition (DR0)

Yara detected Petya ransomware

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739/

Threat name:

Win32.Ransomware.Petya

Status:

Malicious

First seen:

2016-03-24 09:33:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

46 of 48 (95.83%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/200908-psx8wpwb6x/

Behaviour

Suspicious use of AdjustPrivilegeToken

Modifies data under HKEY_USERS

Suspicious use of AdjustPrivilegeToken

Drops file in Windows directory

Writes to the Master Boot Record (MBR)

Malware family:

Petya

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/26b4699a7b9e/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

URLhaus

https://urlhaus.abuse.ch/url/229513/

Cape

https://www.capesandbox.com/analysis/57962/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample