MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Cuba
Vendor detections: 7


SHA256 hash: 271ef3c1d022829f0b15f2471d05a28d4786abafd0a9e1e742bde3f6b36872ad
SHA3-384 hash: f80921a0edc69b283058d50d026483779603b6a96a020e24e1d9bae6b6df38e78d6e09d9ee1539643670922988040ea9
SHA1 hash: e8d0c95621a19131ef9480e58a8d6dd3d15c9acd
MD5 hash: a12e733ddbe6f404b27474fa0e5de61d
humanhash: two-nineteen-robert-video
File name: aam_sysadmin@protonmail_com
Signature: Cuba
File size: 1'156'608 bytes
First seen: 2020-08-03 11:03:52 UTC
Last seen: 2020-08-03 11:38:58 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 56bf04b1246e7bd71ba0bddbd47cd745 (1 x Cuba)
ssdeep: 12288:xtwee4XgIijsCMtcTCWVRapiyC9vwic8CPK3EOnA+u+:8efgIiICMtIChp8N2K3EOAK
Threatray: 7 similar samples on MalwareBazaar
TLSH: 1235CF11756CAC2EE0EF3B70DD7287E54A607C61A874C9AA37B0BE6CEC702905835776
Reporter: JAMESWT_WT
Tags: cuba

Intelligence

File Origin
# of uploads: 2
# of downloads: 212
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
- Creating a file
- Moving a recently created file
- Sending a UDP request
- Reading critical registry keys
- Encrypting user's files

Result
Threat name: Unknown
Detection: malicious
Classification: rans.spyw
Score: 56 / 100
Signature:
- Machine Learning detection for sample
- May encrypt documents and pictures (Ransomware)
- Writes many files with high entropy
- Yara detected Keylogger Generic
Behaviour:
Behavior Graph:

Result
Threat name: Win32.Trojan.Zenpak
Status: Malicious
First seen: 2020-08-03 11:05:09 UTC
File Type: PE (Exe)
Extracted files: 152
AV detection: 25 of 29 (86.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: ransomware
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
- Suspicious use of WriteProcessMemory
- Suspicious behavior: EnumeratesProcesses
- Deletes itself

Malware family: CryptOne
Verdict: Malicious

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments