MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 318c6717d3881cbc9b1f24325a85e79d5c5768a03387dfb2cf605638a4b45056. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fonix


Vendor detections: 6



SHA256 hash: 318c6717d3881cbc9b1f24325a85e79d5c5768a03387dfb2cf605638a4b45056
SHA3-384 hash: 6515b23cbe4dfd2be4e9bdf7778c36f452e91e8ba4425eabbba6e926f69cfaf516deb491c1db311b790651629bc8060c
SHA1 hash: 2ad4369551391774ad83f174f1ad1530ceeddbc4
MD5 hash: 514f55cc9fc9e292cbede9fc1a66dcbe
humanhash: early-earth-bravo-sweet
File name: 318c6717d3881cbc9b1f24325a85e79d5c5768a03387dfb2cf605638a4b45056
Signature Fonix
File size: 889'344 bytes
First seen: 2020-09-16 16:19:26 UTC
Last seen: 2020-09-16 16:38:05 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash 0dbc8cdac76e14bcbbcb24eb9ac16a0b (1 x Fonix)
ssdeep 12288:KQH+qYyJ+OeO+OeNhBBhhBBmLZssabsw9JaK5gfSLJ2ysMqZT29VgS0PNu/C10Tq:KQexAZsuw9JF5gfSLpYt2gd0oLN
Threatray 1 similar samples on MalwareBazaar
TLSH A4159E307487E4B1E4A205B14D7CA9AA6D1EFD5B0B3467DBB3C8232D9E781C14B32B95
Reporter JAMESWT_WT
Tags: Fonix

Intelligence


File Origin
# of uploads: 2
# of downloads: 173
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Result
Threat name:
Detection: malicious
Classification: rans
Score: 84 / 100
Signature
Antivirus / Scanner detection for submitted sample
Deletes shadow drive data (may be related to ransomware)
Machine Learning detection for sample
May drop file containing decryption instructions (likely related to ransomware)
Multi AV Scanner detection for submitted file
Yara detected Fonix ransomware
Yara detected Ransomware_Generic
Behaviour
Threat name: Win32.Ransomware.FonixCrypter
Status: Malicious
First seen: 2020-09-15 21:25:19 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 25 of 29 (86.21%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments