MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Cuba


Vendor detections: 12


Intelligence 12 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a
SHA3-384 hash: f10963d9dc479ce11f9d88f3e3c7ea6b0d249351ec846f2ccb5debd8490befb72839321cf87e899e5593f1a8181f96cc
SHA1 hash: 82f194e6baeef6eefb42f0685c49c1e6143ec850
MD5 hash: 20a04e7fc12259dfd4172f5232ed5ccf
humanhash: uniform-twenty-king-oregon
File name:482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a.bin
Download: download sample
Signature Cuba
Create hunting rule
File size:148'480 bytes
First seen:2021-12-24 18:12:22 UTC
Last seen:2021-12-24 20:12:24 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 83de7cbd89e0f17a9c11503452c3da00 (1 x Cuba)
ssdeep 3072:2jJbNvuT8aktqShKUocWWISUGlPK4NqQvEGEtJYxTZ:w3uctnJUSRqiE0xTZ
Threatray 945 similar samples on MalwareBazaar
TLSH T189E37C11B5D18472E4B3093119F69AA6DC3EF9343B5189FBA3D7062ACE301E06A35D6B
Reporter Arkbird_SOLG
Tags:cuba exe Ransomware

Intelligence

File Origin
# of uploads :
2
# of downloads :
341
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
E.exe
Verdict:
Malicious activity
Analysis date:
2021-07-13 15:50:41 UTC
Tags:
ransomware
Link:
https://app.any.run/tasks/09680904-22d2-49a9-a19d-23e69b18aa2f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
Cuba
Create hunting rule
Link:
https://www.capesandbox.com/analysis/216221/
Detection(s):
SecuriteInfo.com.Trojan.Encoder.34137.432.19087.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Moving a recently created file
DNS request
Encrypting user's files
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/3117/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cuba filecoder greyware wacatac zeppelin
Link:
https://www.filescan.io/uploads/61c60db3ec6c6c14a9efbc81/reports/f6120d92-d838-4c35-b49a-b5decf38e99e/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Cuba Ransomware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/6a0e9efe-cb8a-49e9-be79-dbb3963d7506
Result
Threat name:
Cuba
Create hunting rule
Detection:
malicious
Classification:
rans.spre.evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/815317
Signature
Found Tor onion address
Infects executable files (exe, dll, sys, html)
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Writes many files with high entropy
Yara detected Cuba ransomware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a/
Threat name:
Win32.Ransomware.Cuba
Create hunting rule
Status:
Malicious
First seen:
2021-07-07 18:53:32 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
28 of 43 (65.12%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
19cf4ce7f3aa0cb41dae8a27aa4421dce752bb3e083e8e0daf138bdfc113c7e6
Cuba
36d0c6d5280a29e061d07ad6eac7236e063ee8023ac398bb6d3f34a3f8aacb83
Cuba
5ecfe4ce56696312991f74569ffbe173a6dda8878dd2eb2c2ee109a4a4d4740f
Cuba
8e1746829851d28c555c143ce62283bc011bbd2acfa60909566339118c9c5c97
Cuba
92d244554671489e469aa000c0a2bb2e5483ed5e30858c4a0f9a745532c19a07
Cuba
9f7fd0ad05c3b8f6d3945a0753b7b20fc53528cfbf7c8b4a2ab7f49795937b44
Cuba
9f86527e3ca4530bb3209d8608dae083afab4ef2cf7b0ae23bcd6fdc322a0c33
Cuba
cc43f37f9eb41430bbfb6f1515b65c5fd2bc7b7565701c71aa65731fdf46c288
Cuba
e04335ac94e24921533541cae7480092fc25063caa280ebe3ed5a8697af3a844
Cuba
fa36868347a2123d27edf7866bd82006c246b078c06d8138179701973caa2d15
Cuba
+ 935 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
ransomware
Link:
https://tria.ge/reports/211224-wtq8ssehf8/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Deletes itself
Unpacked files
SH256 hash:
482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a
MD5 hash:
20a04e7fc12259dfd4172f5232ed5ccf
SHA1 hash:
82f194e6baeef6eefb42f0685c49c1e6143ec850
Link:
https://www.unpac.me/results/3446e294-2309-470d-b990-df343e8240bc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/482b160ee2e8d94fa6e4749f77e87da89c9658e7567459bc633d697430e3ad9a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MALWARE_Win_Cuba
Create hunting rule
Author:ditekSHen
Description:Detects Cuba ransomware
Rule name:MALWARE_Win_Cuba
Create hunting rule
Author:ditekSHen
Description:Detects Cuba ransomware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/216221/

Comments