MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37b8da186e1d26247f942dab67b5d6d24e0acb0d7fc3c583d4cad99fb36c2bc6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Sodinokibi


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37b8da186e1d26247f942dab67b5d6d24e0acb0d7fc3c583d4cad99fb36c2bc6
SHA3-384 hash: 7fa9d3f4ce023a930a809dd5870146307dc3f67989a276ecafde75f9573205df0264597d48aa74e0aa221a46e5a22362
SHA1 hash: 7089c6d938e3bae0febac05f4b4b10bb2f92142c
MD5 hash: ec423a03baa81be57f07cc2243552d93
humanhash: eighteen-robin-leopard-jig
File name:4.exe
Download: download sample
Signature Sodinokibi
Create hunting rule
File size:315'904 bytes
First seen:2020-04-14 23:17:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 31812edb2c747fecd2f9e197359857ee (1 x Sodinokibi)
ssdeep 3072:ZTWvrZ9R3OsL0AUmdmIkTv44ol7UDu71IoATF61ygMFOX9erxYbBMqt/i8DiUQ:mhfLpU+Zkr4Xl++rOF64Hi9OH8v
Threatray 180 similar samples on MalwareBazaar
TLSH 8564C01375F68433F3635A398971C2B546367C5E9B6411FF2B94263EAE312C28E34366
Reporter Jirehlov
Tags:exe Sodinokibi

Intelligence

File Origin
# of uploads :
1
# of downloads :
563
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Mokes
Create hunting rule
Status:
Malicious
First seen:
2020-04-14 09:56:58 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=g64nugdodutci74ufwvwpnow2jhavsynp7b4la6uzlmz7m3mfpda._file
Verdict:
malicious
Similar samples:
06c46067d0d0ea71dd5f8d6f2d4d050393db4d58c79dfcddfb1fbe2c51dabffa
Sodinokibi
2d7f9d04c5f1764ae45a4e2ec4100cf20c51099431135745aaa074c7117cc4a5
Sodinokibi
3510959b6d7b6090f1fe8b18775d9d18b44ed01e2676d185ba55887d5559d80e
Sodinokibi
398d4864124ae02d29a19aebd6a44ddc66d50afcf32d5f318f0ece68b5139b51
Sodinokibi
3ead2416f8ac1dc533b9506caa0e34f4bc16eb36b946f77a845f58d371a68566
Sodinokibi
4aee79733f02aa31ced0b6a0672d67cc6b0e0f7e0fc8654b8981c529046d9b7c
Sodinokibi
5a445d5d6c31dc9a40bb1a2cb2c2c87edd236faf13c3c6f97d7e6c970412da8c
Sodinokibi
8ab5753e0dd8b4a54a0cc842bb2b53c97ed33d90bcc445ce4de58d1df9dc9060
Sodinokibi
ad0e0396572e30f66fd2fd68ac8e0baf6bcafa362846513bdd310875b9da38ed
Sodinokibi
ebac68b0e4bc51398de1bc867085737ee2981b6f7dc35a1cac6cf2912d877394
Sodinokibi
+ 170 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::GetTempPathA

Comments