MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26cb76e67add724d7771d12ffc701a4806c71dc436ff7d6ed0288e899dfd0d9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8
SHA256 hash: 26cb76e67add724d7771d12ffc701a4806c71dc436ff7d6ed0288e899dfd0d9b
SHA3-384 hash: 409edb5002e2966115cd6da952ff57314ec0fc12ee4987f6fe74bf2e7a1bd67ffea5840e80887e743b48692b8f6dc18c
SHA1 hash: dff223882e94be7826b2735d98492c594b832017
MD5 hash: 84e157d1473b3fa141692ed2812b018a
humanhash: uncle-chicken-seven-arkansas
File name: xxx.exe
File size: 406'016 bytes
First seen: 2022-03-18 09:31:16 UTC
Last seen: 2022-03-28 23:15:45 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 40064c6eeb9f32dfc55bf2c7514305c2 (3 x Hive)
ssdeep: 6144:em4KyngF4Z1tDfA4vYvXc7TA4jieFJfPOWGM/gR1mcxg9uTWj:aaF4PtDfLYfL4hf2y4I
TLSH: T162844A47F652A0ECC06AC1748767A633FA32BC0946357A7B27D0FE312E25B50A72E715
Reporter: x66x72x71
Tags: exe


x66x72x71
Ransomware from Group Hive Targeting Healthcare

Intelligence

File Origin
# of uploads: 3
# of downloads: 194
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Clean
Maliciousness:
Behaviour:
- Searching for the window
- Sending a custom TCP request

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
- MalwareBazaar
- MeasuringTime
- SystemUptime
- EvasionGetTickCount
- EvasionQueryPerformanceCounter

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug expand.exe

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature:
- Found API chain indicative of debugger detection
- Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph ID: 591850 (sample: xxx.exe, start date: 18/03/2022, architecture: WINDOWS, score: 52). Process tree: xxx.exe started, which started conhost.exe. Signatures on the graph: Multi AV Scanner detection for submitted file; Found API chain indicative of debugger detection.

Threat name: Win64.Ransomware.Zudochka
Status: Malicious
First seen: 2022-03-17 08:56:26 UTC
File Type: PE+ (Exe)
AV detection: 15 of 27 (55.56%)
Threat level: 5/5
Verdict: malicious

Result
Malware family: n/a
Score: 4/10
Tags: n/a
Behaviour:
- Drops file in Windows directory

Unpacked files
SHA256 hash: 26cb76e67add724d7771d12ffc701a4806c71dc436ff7d6ed0288e899dfd0d9b
MD5 hash: 84e157d1473b3fa141692ed2812b018a
SHA1 hash: dff223882e94be7826b2735d98492c594b832017
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other

Comments