MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3a46b5b93459b90b36bc2bd561a837944b3556158bb10e9435dcd78d43b2a8a9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3a46b5b93459b90b36bc2bd561a837944b3556158bb10e9435dcd78d43b2a8a9
SHA3-384 hash: 0f06c0f8e3133362d8db1a6258afa87405678f3df967da46cade7712d500c86c02fc7fe3bfc3273d258991bba2113a9f
SHA1 hash: 57d30c410a87c3b881cf7ef19b1a7fd2d04d27cf
MD5 hash: eac56f5919f4ca3b6ff5f6a644e8e0ef
humanhash: pip-california-nitrogen-fifteen
File name:SecuriteInfo.com.FileRepMalware.4334
Download: download sample
File size:176'640 bytes
First seen:2020-05-11 01:00:16 UTC
Last seen:2020-05-11 03:02:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ed8a3f2f5f2d899607f06b3f8ec09af4 (1 x BuerLoader)
ssdeep 1536:ulL3YJPj9Ok+aO2M1+PJz5Ot4FitoniTI5o7ZjF60FTl1RESJRasW/0/hhk04P:ulLAr9SH1+Pm4hdO7ZRNRESJRXX4P
TLSH 2F04BF00BBE1C033C55599356461C6B14A3EED222BB196933B942F1F1F322C797B779A
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
2
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.4334.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Gandcrab
Create hunting rule
Status:
Malicious
First seen:
2020-05-10 21:37:52 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
27 of 31 (87.10%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence ransomware spyware
Link:
https://tria.ge/reports/201109-aysjkfgxex/
Behaviour
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Modifies Control Panel
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Drops file in Program Files directory
Launches sc.exe
Modifies service
Drops file in System32 directory
Adds Run key to start application
Reads user/profile data of web browsers
Stops running service(s)
Modifies extensions of user files
Deletes shadow copies
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 3a46b5b93459b90b36bc2bd561a837944b3556158bb10e9435dcd78d43b2a8a9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/360750/
  
Delivery method
Distributed via web download

Comments