MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ead2416f8ac1dc533b9506caa0e34f4bc16eb36b946f77a845f58d371a68566. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ead2416f8ac1dc533b9506caa0e34f4bc16eb36b946f77a845f58d371a68566
SHA3-384 hash: 6f9ecf137cf5df27992012e2e9db6b527a33c1a55e5d5265e154be754d12bc13d4d7079649529bf0a28717ceceb61f0c
SHA1 hash: 4305af85294627742edf0bfcaa62267e18036aba
MD5 hash: 1e2f844650581a3b8e30c9eea1c19401
humanhash: crazy-spring-angel-indigo
File name:3ead2416f8ac1dc533b9506caa0e34f4bc16eb36b946f77a845f58d371a68566
Download: download sample
File size:227'328 bytes
First seen:2020-06-10 12:30:15 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash cfc8c11eab6f51f0365f1122451f3d44 (1 x DanaBot, 1 x Loki, 1 x Tofsee)
ssdeep 3072:M7DT5QMSuzQAlN7aWN7tlAj+HJAwld5WRLH3p+sk6+RfrMt7pqi:yOHyWWzlAjild5AH3pPd+RrMhpq
Threatray 192 similar samples on MalwareBazaar
TLSH 1E24DF10F7F1C073E06345BD14F192A15A3B3C42673C9ADB2758176A2E732E16EB939A
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.33908379.930.6683.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Kryptik
Create hunting rule
Status:
Malicious
First seen:
2020-05-27 01:09:29 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
23 of 31 (74.19%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
06c46067d0d0ea71dd5f8d6f2d4d050393db4d58c79dfcddfb1fbe2c51dabffa
2d7f9d04c5f1764ae45a4e2ec4100cf20c51099431135745aaa074c7117cc4a5
3510959b6d7b6090f1fe8b18775d9d18b44ed01e2676d185ba55887d5559d80e
37b8da186e1d26247f942dab67b5d6d24e0acb0d7fc3c583d4cad99fb36c2bc6
398d4864124ae02d29a19aebd6a44ddc66d50afcf32d5f318f0ece68b5139b51
4aee79733f02aa31ced0b6a0672d67cc6b0e0f7e0fc8654b8981c529046d9b7c
5a445d5d6c31dc9a40bb1a2cb2c2c87edd236faf13c3c6f97d7e6c970412da8c
8ab5753e0dd8b4a54a0cc842bb2b53c97ed33d90bcc445ce4de58d1df9dc9060
ad0e0396572e30f66fd2fd68ac8e0baf6bcafa362846513bdd310875b9da38ed
ebac68b0e4bc51398de1bc867085737ee2981b6f7dc35a1cac6cf2912d877394
+ 182 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence ransomware
Link:
https://tria.ge/reports/201109-ymcwcy5fja/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Drops file in System32 directory
Modifies service
Sets desktop wallpaper using registry
Adds Run key to start application
Enumerates connected drives
Modifies extensions of user files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments