MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 28858cc6e05225f7d156d1c6a21ed11188777fa0a752cb7b56038d79a88627cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 28858cc6e05225f7d156d1c6a21ed11188777fa0a752cb7b56038d79a88627cc
SHA3-384 hash: 0829125151917a5d894f20bf6226dc8b94a2f3677eec9a751f8d0db2fe5bb1a5dd71f82bac1cee70e7cebaf80aee9b4c
SHA1 hash: d7b6602967eea9806ee8a91284e616cfdf5f255d
MD5 hash: ec724ef33521c4c2965de078e36c8277
humanhash: may-vermont-ink-indigo
File name:iec56w4ibovnb4wc.onion_Library__OlympicDestroyer__OlympicDestroyerAtos.bin.malw
Download: download sample
File size:1'863'680 bytes
First seen:2020-03-18 22:31:28 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fd7200dcd5c0d9d4d277a26d951210aa
ssdeep 49152:aIuQjMDjzus3wLNlDXjUoXFhKoT2iG6xQQqOeaGcWRrLy3pN+:a1bDjyQwhlDFEi5Qt7aGdRrLy5N
Threatray 23 similar samples on MalwareBazaar
TLSH 80852396B9C180B2E0E344749CF8DA754CEC7A300B212ADFB7E0573D5E261D06736EA6
Reporter ov3rflow1
Tags:malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
92
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.OlympicDestroyer-6446992-0
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/19362
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Olympicdestroyer
Create hunting rule
Status:
Malicious
First seen:
2018-02-09 17:04:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
29 of 29 (100.00%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3afe4dd1466eb99bc7ab905a2363173dc043f9060982c49b6f5da73293f7d6ed
3e27b6b287f0b9f7e85bfe18901d961110ae969d58b44af15b1d75be749022c2
65c86813da2eb5bfc495e538fa4e77f8c3a3c03418e655ac8262bc0aa42281ba
693626ad4ce750ecb027980dfb505ca69872923702dfe564e0adcb651e8c60d9
bc2cea17da33c23edbb0c86ab00b3ec3b4a2f4da84fb075922e41b7bf6b654f0
c6d5e1fdae2634a3a2a29a8c5de69f725ebceefba86d3700bc922aac7f55a1f7
cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca
e392bcf79759484012a84eb240198d63c45af3480eff1e28aed7cc102069b63a
eecf5fa7aabf91128e8b3d5a6b6541ccc4e379c18cfe1d35f2473740a192e8d1
eee468bff615adfd8c7b6afc3dc8d064e5076e6175e7d28e233983e08a0a4426
+ 13 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/28858cc6e05225f7d156d1c6a21ed11188777fa0a752cb7b56038d79a88627cc

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::ConvertSidToStringSidW
ADVAPI32.dll::CopySid
ADVAPI32.dll::GetLengthSid
ADVAPI32.dll::IsValidSid
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
ole32.dll::CoInitializeSecurity
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::GetTokenInformation
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateRemoteThread
KERNEL32.dll::CreateProcessW
KERNEL32.dll::CreateProcessA
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::VirtualAllocEx
KERNEL32.dll::WriteProcessMemory
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileA
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileA
KERNEL32.dll::DeleteFileW
KERNEL32.dll::GetWindowsDirectoryW
KERNEL32.dll::GetFileAttributesA
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameA
ADVAPI32.dll::LogonUserA
ADVAPI32.dll::LookupAccountSidW
ADVAPI32.dll::LookupPrivilegeNameW
ADVAPI32.dll::LookupPrivilegeValueW
WIN_CRED_APICan Manipute Windows Credentialscredui.dll::CredUIParseUserNameW
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextW
ADVAPI32.dll::CryptGenRandom
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::FreeAddrInfoW
WS2_32.dll::GetAddrInfoW
WS2_32.dll::getnameinfo

Comments