MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Maui

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78
SHA3-384 hash:	9ce70bc306cdebf9d8cdc7af16f4112b4c4797321e8a9cf2da460742ea18c29bcea527184e2cef1ba942f905ad640b61
SHA1 hash:	271b90824c7bb1de98c7fa9dae6dcd59d8a0bd64
MD5 hash:	9b0e7c460a80f740d455a7521f0eada1
humanhash:	batman-spring-river-vermont
File name:	45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78.bin
Download:	download sample
Signature	Maui Create hunting rule
File size:	781'998 bytes
First seen:	2022-07-07 06:25:21 UTC
Last seen:	2022-07-07 06:53:58 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b7270585cf85c21db1df48e009263fb6 (3 x Maui)
ssdeep	12288:Y+2NRE6xDWPOO3Kt7RJatTrAtfpYqCXd9rxhQjxv:YhRxWPOO3Kt7FfpYhXjHQjxv
Threatray	83 similar samples on MalwareBazaar
TLSH	T18CF49E06B6C2D4B3D8A6417A11B3937B4E37FE22432AD6C3879129258D753E16E3E3C5
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	Anonymous
Tags:	exe Maui Ransomware

Intelligence

File Origin

# of uploads :

2

# of downloads :

462

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78.bin.sample.gz

Verdict:

Suspicious activity

Analysis date:

2022-07-08 02:27:32 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/045c52e1-584b-4b92-a26c-83fe9ac897fa

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/285389/

Detection(s):

SecuriteInfo.com.Variant.Zusy.422033.30239.21640.UNOFFICIAL

SecuriteInfo.com.Variant.Zusy.422033.23884.8672.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware overlay

Link:

https://www.filescan.io/uploads/62c67c88077ba7b0fbefd041/reports/b1c0ad38-6b8e-44f2-94c8-568295b84946/overview

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ff64615e-4554-4b4d-ab91-c10562de3107

Result

Threat name:

Unknown

Detection:

malicious

Classification:

evad

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1026164

Signature

Contains functionality to access PhysicalDrive, possible boot sector overwrite

Contains functionality to infect the boot sector

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78/

Threat name:

Win32.Ransomware.Mauicrypt

Status:

Malicious

First seen:

2022-03-25 01:47:54 UTC

File Type:

PE (Exe)

Extracted files:

1

AV detection:

20 of 26 (76.92%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ixmkygwgslllwd7hozrag4p4uavwbswi3mr4jtd2wxpsmlnefn4a._file

Verdict:

malicious

Similar samples:

3b7b846373c9e626c33e2561a6ff5515a67f25dc089f6e62711e792572105a17

830207029d83fd46a4a89cd623103ba2321b866428aa04360376e6a390063570

9a60ef135297d1863e76696b603f9de38d77b8efa1387b7ab7e89eec5c8f4f43

a5541460d296b3b3ca23cc1663882122351a08067b3ee608fabb88e38e95e515

b197522d218e972e8fe965032f47ec4e483b698709ac83640f1583feb5a67fb4

caa8ea5f119085a9bc0f33b8f1a0ad80b6d4a9b52050f03f11bc539ebdc88534

d2205532e27cf8ae9dbc0a62fdf3fca598f5fa8f9cc948bec49df54b0b8a8cd6

e6d90883fd0e3c7576c140d6f12e04e1e54c3789ec4b2bdea925c9bdb6aa1f43

e72f7aca561f2ac82e724b952c0a214658a394300deb097ff9257ca03969614c

+ 73 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/220707-g687tagfh6/

Unpacked files

SH256 hash:

45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78

MD5 hash:

9b0e7c460a80f740d455a7521f0eada1

SHA1 hash:

271b90824c7bb1de98c7fa9dae6dcd59d8a0bd64

Link:

https://www.unpac.me/results/88a59add-ceb0-4481-bf65-6768494eb23a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/45d8ac1ac692d6bb0fe776620371fca02b60cac8db23c4cc7ab5df262da42b78

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://stairwell.com/wp-content/uploads/2022/07/Stairwell-Threat-Report-Maui-Ransomware.pdf

Cape

Cape

https://www.capesandbox.com/analysis/285389/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample