MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 378d1c5ad14c4626910739e4e9355136578683a3fcf9be716096d071b80a632f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 378d1c5ad14c4626910739e4e9355136578683a3fcf9be716096d071b80a632f
SHA3-384 hash: 0e6740379064b6e0bbe76794fdc5590611ecfc26cc22364ba4c50c4cd4f547b585c2e601437ac67e8917fcfe370672c0
SHA1 hash: a694490f20ed25cc70b36b13bf25c830500e9611
MD5 hash: d33d573dde6cb50306af9a464c7cd0ea
humanhash: alabama-virginia-eight-oven
File name:d33d573dde6cb50306af9a464c7cd0ea.exe
Download: download sample
File size:191'236 bytes
First seen:2023-07-03 08:27:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 401e7473d32c1cf7f86ff84ea2c539c3 (1 x RedLineStealer, 1 x Amadey, 1 x ArkeiStealer)
ssdeep 3072:DSh73SpfJL+moqjA59kFxAMO3ol65rxj4GTqN7AUp7lNNGei5:TEmFc59kFelYl65iGTc7ppw
TLSH T1F1145C00BA90C035F5B712F499BA926CB92D7FA1A76454CF53D566EA1338AE1FC3031B
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
251
Origin country :
NL NL
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/405782/
Detection(s):
Win.Packed.Pwsx-9956851-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/95213/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control greyware lolbin overlay
Link:
https://www.filescan.io/uploads/64a28694204315fbc16c6d4e/reports/f9df275e-0721-43e1-968a-091358283ed0/overview
Verdict:
Malicious
Labled as:
Ransom.659A22E6
Link:
https://www.hybrid-analysis.com/sample/378d1c5ad14c4626910739e4e9355136578683a3fcf9be716096d071b80a632f
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/a14163ae-2866-4b59-922c-0be1d51df03e
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1265646
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/378d1c5ad14c4626910739e4e9355136578683a3fcf9be716096d071b80a632f/
Threat name:
Win32.Ransomware.StopCrypt
Create hunting rule
Status:
Malicious
First seen:
2023-07-02 13:15:57 UTC
File Type:
PE (Exe)
AV detection:
25 of 38 (65.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g6grywwrjrdcneihhhsosnkrgzlyna5d7t4344las3ihdoakmmxq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/230703-kczytsgh5s/
Unpacked files
SH256 hash:
378d1c5ad14c4626910739e4e9355136578683a3fcf9be716096d071b80a632f
MD5 hash:
d33d573dde6cb50306af9a464c7cd0ea
SHA1 hash:
a694490f20ed25cc70b36b13bf25c830500e9611
Link:
https://www.unpac.me/results/4175126d-6944-40d9-b8e1-dc0907b0662b/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 378d1c5ad14c4626910739e4e9355136578683a3fcf9be716096d071b80a632f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2237500/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/405782/

Comments