MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3b2d618e3b0e1c567e74ae298adeec4b589de973f4f85fbb2d787a3b4bdf2169. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 3b2d618e3b0e1c567e74ae298adeec4b589de973f4f85fbb2d787a3b4bdf2169
SHA3-384 hash: 1dc4bc2a155f038579f496beba0d58151ae46dda670213ee283c89ac640c778ecbe6f94d65930a999949dbf85f8bc4f2
SHA1 hash: 8365b012d5446cc570491d0ba9929f45ae344f9b
MD5 hash: 518c9037d68b01a4015567bb2369f7b6
humanhash: massachusetts-low-quiet-six
File name: decipher_unit.exe
File size: 1'870'848 bytes
First seen: 2022-03-15 23:34:04 UTC
Last seen: 2022-03-16 01:35:22 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9837e50abe66567da47a183b5e961377
ssdeep: 24576:E+KpP7IzkQhB69WTjeYeJ601wCFE8Ls/XkyugOF4+FEhnsr0xT7pL4JhGtPm5B6t:MiXUtK8Qp2S4a7p8qtPaB6UF0Z+zXk
Threatray: 6'159 similar samples on MalwareBazaar
TLSH: T11D85CF02FB8289B3F59325399067A77F4D3AAA104334DAD3CBD01D668D712D1663F3A6
Reporter: vxunderground
Tags: exe Ransomware redeemer

Intelligence

File Origin
# of uploads: 2
# of downloads: 399
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: https://anonfiles.com/h4v8s3Wau4/Redeemer_v1.7_Release_zip
Verdict: Malicious activity
Analysis date: 2021-11-30 08:27:45 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:
Behaviour:
  Creating synchronization primitives
  Running batch commands
  Sending a custom TCP request

Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour:
  MeasuringTime
  EvasionQueryPerformanceCounter
  CheckCmdLine

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: expand.exe greyware

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour:
Behavior Graph (ID 590053; sample decipher_unit.exe; start date 16/03/2022; architecture WINDOWS; score 48): decipher_unit.exe started and spawned conhost.exe and cmd.exe; signature hit: Multi AV Scanner detection for submitted file.

Threat name: Win32.Ransomware.Redeemer
Status: Suspicious
First seen: 2021-11-29 17:28:50 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 7 of 27 (25.93%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour:
  Suspicious use of WriteProcessMemory
Unpacked files:
SHA256 hash: 3b2d618e3b0e1c567e74ae298adeec4b589de973f4f85fbb2d787a3b4bdf2169
MD5 hash: 518c9037d68b01a4015567bb2369f7b6
SHA1 hash: 8365b012d5446cc570491d0ba9929f45ae344f9b
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments