MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



LockFile


Vendor detections: 7



SHA256 hash: 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c
SHA3-384 hash: b266add7bc6960705e4356f9a8f476312932377a92ffb4c18341d5e9303124d42fdd48ee1a5192f76c32557e4468ec49
SHA1 hash: 59d231b42bcc78d58e5da34fadab7949ac7e0594
MD5 hash: df30d67f1edd66174a5e760255be934d
humanhash: pizza-one-helium-fifteen
File name: 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c.bin
Signature: LockFile
File size: 830'464 bytes
First seen: 2021-08-28 23:42:54 UTC
Last seen: 2021-08-29 01:20:50 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7d86c3ecee5df750bec35c27721879ce (1 x LockFile)
ssdeep: 12288:CwTjz4QwaGdWYgeWYg955/155/ybxq1yg4bP0Xrh57rXoMkZGs:CwHcQwBPxq1KbSh57rXhkMs
Threatray: 17 similar samples on MalwareBazaar
TLSH: T101057D5A62A813F4E07BC0398942410AF7B27C9587A09BDB12A0276F5F73AE55F3F750
Reporter: Arkbird_SOLG
Tags: exe LockFile unpacked

Intelligence


File Origin
# of uploads: 2
# of downloads: 242
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c.bin
Verdict: No threats detected
Analysis date: 2021-08-28 23:45:36 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Sending a UDP request
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name: Win64.Ransomware.Crypren
Status: Malicious
First seen: 2021-08-25 01:29:04 UTC
AV detection: 13 of 28 (46.43%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Unpacked files
SHA256 hash: 3303a19789a73fa70a107f8e35a4ce10bb4f6a69ac041a1947481ed8ae99a11c
MD5 hash: df30d67f1edd66174a5e760255be934d
SHA1 hash: 59d231b42bcc78d58e5da34fadab7949ac7e0594
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: SUSP_XORed_URL_in_EXE
Author: Florian Roth
Description: Detects an XORed URL in an executable
Reference: https://twitter.com/stvemillertime/status/1237035794973560834

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments