MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sugar

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9
SHA3-384 hash:	7c944eae76b8f61578d7e9b41d3dd824481a1cdd05c10357f55f35d28f1aff0bd1d421484a1b3960f3a1dc7412daf5bf
SHA1 hash:	c31a0e58ae70f571bf8140db8a1ab20a7f566ab5
MD5 hash:	1cc5b508da9567f032ed78375bb45959
humanhash:	victor-east-nitrogen-undress
File name:	315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9.bin
Download:	download sample
Signature	Sugar Create hunting rule
File size:	59'392 bytes
First seen:	2022-02-03 01:09:50 UTC
Last seen:	2022-02-03 02:55:24 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	29dc79e4c9ab8bfa299719f434758791 (3 x Sugar)
ssdeep	768:/UtqhQLkaTp6Qm6V+1nPJK1vb2R5QLKIynlHMCJSsb07bDXYhBhaYT4cpVxNnsZr:sTkaI6c9JKFb2R5zZMCJGvo3yoxds
Threatray	7 similar samples on MalwareBazaar
TLSH	T19D43F1E3DB6FC27BEDD555B8F8C65DA3407C3B5EC2276C1BAE19090931383A096E050A
Reporter	Arkbird_SOLG
Tags:	exe packed Ransomware Sugar

Intelligence

File Origin

# of uploads :

# of downloads :

354

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9

Verdict:

Malicious activity

Analysis date:

2021-11-23 08:49:11 UTC

Tags:

evasion

Link:

https://app.any.run/tasks/bba0b61a-e618-45e9-92d9-a57755a5156e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/231405/

Detection(s):

SecuriteInfo.com.Trojan.Encoder.34486.32146.14886.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

DNS request

Sending an HTTP GET request

Sending a custom TCP request

Сreating synchronization primitives

Creating a file in the %temp% directory

Sending an HTTP POST request

Searching for synchronization primitives

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

filecoder packed

Link:

https://www.filescan.io/uploads/61fb2b6da0f6a794b33555ec/reports/9fdfdbb9-9505-4fb2-a551-6c987a2aea79/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Encoded01 Ransomware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/f34bfc34-9c5f-4bb1-8fdf-fb2218a9ed38

Result

Threat name:

Unknown

Detection:

malicious

Classification:

rans.troj.evad

Score:

92 / 100

Link:

https://www.joesandbox.com/analysis/932924

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Creates files in the recycle bin to hide itself

Found string related to ransomware

Found Tor onion address

Machine Learning detection for sample

May check the online IP address of the machine

Multi AV Scanner detection for submitted file

PE file has a writeable .text section

Writes many files with high entropy

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9/

Threat name:

Win32.Ransomware.FileCoder

Status:

Malicious

First seen:

2021-11-07 03:41:32 UTC

File Type:

PE (Exe)

AV detection:

36 of 43 (83.72%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gfielzig5npj6x6sjzffltnerurdvq2faa3vq3hg3k3qv7en37eq._file

Verdict:

malicious

Sugar

09ad72ac1eedef1ee80aa857e300161bc701a2d06105403fb7f3992cbf37c8b9

Sugar

1d4f0f02e613ccbbc47e32967371aa00f8d3dfcf388c39f0c55a911b8256f654

Sugar

4a97bc8111631795cb730dfe7836d0afac3131ed8a91db81dde5062bb8021058

Sugar

7b579694a738437eb6aed2064bd2d78cb77d8afe92994bf6e02016a563cd50a3

Sugar

ac994af31d2fd2c1393d25c7841b4197510f206110d50509961615e4b8ad3fef

Sugar

d7b59654644c399eaf13d7460b928ebf8f94bfd9e97e4a135ef005719e4eb18b

Sugar

Result

Malware family:

n/a

Score:

10/10

Tags:

ransomware spyware stealer

Link:

https://tria.ge/reports/220203-bjersscegr/

Behaviour

Drops file in Program Files directory

Drops desktop.ini file(s)

Looks up external IP address via web service

Reads user/profile data of web browsers

Modifies extensions of user files

Unpacked files

SH256 hash:

d5e4fcbc31a6d048f38a62c62e8ae0c976894363b6cbd8597f42f105de8b3cca

MD5 hash:

6c4f67cb416eda4e4e8a0e4e040f1b13

SHA1 hash:

d1e66ea63b524441d145b9d645edeb39fa6b0b5d

Link:

https://www.unpac.me/results/a94dc2bc-e16b-493c-9512-3f5a51cf164d/

SH256 hash:

315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9

MD5 hash:

1cc5b508da9567f032ed78375bb45959

SHA1 hash:

c31a0e58ae70f571bf8140db8a1ab20a7f566ab5

Link:

https://www.unpac.me/results/a94dc2bc-e16b-493c-9512-3f5a51cf164d/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/315045e506eb/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.67

Link:

https://yomi.yoroi.company/submissions/315045e506eb5e9f5fd24e4a55cda48d223ac3450037586ce6dab70afc8ddfc9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb

Cape

https://www.capesandbox.com/analysis/231405/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample