MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3dd2f20a676053db4004a363fe3a838b4eeea2b24447336f80b19de465affa9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry
Vendor detections: 13


SHA256 hash: 3dd2f20a676053db4004a363fe3a838b4eeea2b24447336f80b19de465affa9a
SHA3-384 hash: a68935ccb1e69720b78257a14005ea16b65594a13c9db60a0fea1a09535544aae3ccb437133a31cb801eb50461e88290
SHA1 hash: dc7d76218a77c227efa9c9f1c940fec698bce0ca
MD5 hash: e419dc0a16c4a4b93841e39879d64f3e
humanhash: neptune-fix-violet-twelve
File name: 3dd2f20a676053db4004a363fe3a838b4eeea2b24447336f80b19de465affa9a
Signature: Stop
File size: 867'840 bytes
First seen: 2022-04-05 06:10:15 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 96eae08baffc1f2bb2ff78914719ff7f (3 x Stop)
ssdeep: 12288:BBAQS71Wc380n55PuvsNACpxJC0YwAwXUiGkUECoa5bE1fxvOlg2eqc4j/q503u6:rY1We805PLCI/YwHkEg0OlCXVwR
Threatray: 1'118 similar samples on MalwareBazaar
TLSH: T1F8051271BB8CC4B9D01726306465FFA11A3DFC61682049473786361E2EB3B4CA5EA78F
dhash icon: 327e7c7f767e6e72 (4 x RedLineStealer, 3 x Stop, 2 x Smoke Loader)
Reporter: JAMESWT_WT
Tags: exe Stop

Intelligence


File Origin
# of uploads: 1
# of downloads: 205
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict:
Malware
Behaviour
Searching for the window
Creating a window
Unauthorized injection to a recently created process
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Creating synchronization primitives
Creating a file in the %temp% directory
Running batch commands
Creating a process with a hidden window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware packed
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
STOP Ransomware
Verdict:
Malicious
Result
Threat name:
Detection:
malicious
Classification:
rans.troj.evad
Score:
92 / 100
Signature
Antivirus detection for URL or domain
C2 URLs / IPs found in malware configuration
Found malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Djvu Ransomware
Behaviour
Threat name:
Win32.Ransomware.Stop
Status:
Malicious
First seen:
2022-04-03 09:49:01 UTC
File Type:
PE (Exe)
Extracted files:
69
AV detection:
32 of 42 (76.19%)
Threat level:
  5/5
Result
Malware family:
Score:
  10/10
Tags:
family:djvu ransomware
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Detected Djvu ransomware
Djvu Ransomware
Malware Config
C2 Extraction:
http://fuyt.org/test1/get.php
Unpacked files
SHA256 hash:
fc90a956316d6efabf262e575d5801e6ec502502dcef75269b2db592d0e5a70a
MD5 hash:
98fd0039533495e6a5756eae5a9ea38b
SHA1 hash:
5c8fdddd87ccc8b5ac13d0adc0178d2d356f0e6d
Detections:
win_stop_auto
Parent samples :
SHA256 hash:
3dd2f20a676053db4004a363fe3a838b4eeea2b24447336f80b19de465affa9a
MD5 hash:
e419dc0a16c4a4b93841e39879d64f3e
SHA1 hash:
dc7d76218a77c227efa9c9f1c940fec698bce0ca
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments