MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37e82053ad87813e558ca979c998dd7689f665b0b666bec79bae320a8f51f751. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ransomare.Stop

Vendor detections: 14

SHA256 hash: 37e82053ad87813e558ca979c998dd7689f665b0b666bec79bae320a8f51f751
SHA3-384 hash: 116994cb8ab1398b163dede83f2edbf05a506aa2e684890dde4e80be0ce44ea44109cd726d6a0955e55290bafe1be878
SHA1 hash: f1188ee4a8d759ab91583f8cbc50ab833eb7be37
MD5 hash: 20d757e50361c52709620b39aa4c32b3
humanhash: echo-whiskey-alaska-lake
File name: 37e82053ad87813e558ca979c998dd7689f665b0b666bec79bae320a8f51f751
Signature: Ransomare.Stop
File size: 792'576 bytes
First seen: 2022-03-31 14:46:19 UTC
Last seen: 2022-03-31 15:56:36 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 8b43e1344b27321e8381c60a4a19bca2 (6 x Stop, 4 x RedLineStealer, 1 x Ransomare.Stop)
ssdeep: 12288:4GGbHD5tWLQZadkxrOSeeM83cmHuckKMV1PsKXcB+ixXj+xTfOdB1jrdAPLipD+x:8fd8GOSeeM83cWmKCXxiqPLipiwsU6
TLSH: T1BBF40200BB50D035F5B752F8597A83ACB93D79F09B7490CB62E56AEA16346E0EC3035B
dhash icon: b2dacabecee6baa2 (33 x RedLineStealer, 30 x Smoke Loader, 28 x Stop)
Reporter: JAMESWT_WT
Tags: exe Ransomare.Stop

Intelligence

File Origin
# of uploads: 2
# of downloads: 241
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
Creating a window
Unauthorized injection to a recently created process
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating a file
Launching a process
Creating a process with a hidden window
Adding an access-denied ACE
Creating synchronization primitives
Deleting a recently created file
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Query of malicious DNS domain
Enabling autorun by creating a file
Sending an HTTP GET request to an infection source

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
MalwareBazaar
MeasuringTime
SystemUptime
CheckCmdLine
EvasionGetTickCount
EvasionQueryPerformanceCounter
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware packed

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: STOP Ransomware
Verdict: Malicious

Result
Threat name:
Detection: malicious
Classification: rans.troj.evad
Score: 100 / 100
Behaviour:
Behavior Graph: n/a

Threat name: Win32.Ransomware.Stop
Status: Malicious
First seen: 2022-03-26 05:39:00 UTC
File Type: PE (Exe)
Extracted files: 18
AV detection: 33 of 42 (78.57%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:djvu ransomware
Behaviour:
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Detected Djvu ransomware
Djvu Ransomware
Malware Config
C2 Extraction: http://fuyt.org/test1/get.php
Unpacked files
SHA256 hash: af6b33f859593dcb716c81b1416e52ad8cdf8e7a36662893ac3be277f9805430
MD5 hash: 5262fd9d36dba4cbc654a7331d3f684d
SHA1 hash: 666f465de6a152f2e005d00d6fcc937c89ec0af1
Detections: win_stop_auto
Parent samples:
SHA256 hash: 37e82053ad87813e558ca979c998dd7689f665b0b666bec79bae320a8f51f751
MD5 hash: 20d757e50361c52709620b39aa4c32b3
SHA1 hash: f1188ee4a8d759ab91583f8cbc50ab833eb7be37
Please note that we are no longer able to provide a coverage score for VirusTotal.
