MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b7a2dff949a14956a679adb981bbec0aec0e198c04a454f54c5e9dcf5854b54. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4b7a2dff949a14956a679adb981bbec0aec0e198c04a454f54c5e9dcf5854b54
SHA3-384 hash: f75f13cd727ce187fecd3bd723e8c655fc8603e5c21dd57d7f91eb8baf732df4bcabe43b33122c4d4e923967e8249510
SHA1 hash: e1b74e59cb444a2d610c8be23ce396bc4365cf1d
MD5 hash: 2dc218b43cb13de278f4f068c503a6e3
humanhash: juliet-pluto-nebraska-snake
File name:2DC218B43CB13DE278F4F068C503A6E3.bin
Download: download sample
File size:173'568 bytes
First seen:2020-06-22 07:22:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b3136fe85eae390253db1826a5ad01dc
ssdeep 3072:fXjXtEWuPrEKAbymJjiBWyAqNbRPovVtVHqVeUfgWZS99:fXjSjr0byEso2dqVjHqVtg
Threatray 100 similar samples on MalwareBazaar
TLSH 90049D22B2C08473E1624E788E6593AD763AFE301F2C155E79E55D8A6E3B3D1613C2C7
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
77
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/12426/
Detection(s):
Win.Ransomware.Crypmod-7171719-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4b7a2dff949a14956a679adb981bbec0aec0e198c04a454f54c5e9dcf5854b54/
Threat name:
Win32.Ransomware.VegaLock
Create hunting rule
Status:
Malicious
First seen:
2019-03-20 09:40:41 UTC
File Type:
PE (Exe)
AV detection:
39 of 48 (81.25%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1561967cff081a9b139de45a82e6a61e2f5b01834d4666f2fc88cf0c52220268
15e3107a2c30da16832db6f9cdadd38c7a202d72b6a43899b9642d3b695d6f50
1cdadad999b9e70c87560fcd9821c2b0fa4c0a92b8f79bded44935dd4fdc76a5
1d21886bb28a6dfb2f331cb95cf7b74dbb5ae79dc70bbcd7451f15afd53999e1
2dd8d8da874291739d1acf6a42d09a45fcf89a6faeb1011357dc58830dde4e76
667ae0abe8e26c9518983da85ba06110e8a321c52497348bd8fe57a61cc7695b
88b855230b87d175f2d18abc165aeabc52e8f2952ac09d2db7e0f4d012f3ec43
8d44fdbedd0ec9ae59fad78bdb12d15d6903470eb1046b45c227193b233adda6
d451e3e7766abda3a6406d3e52ed8d123daa52409bb7905a44694855fa923888
f40b9e6f7cfed63bba3b6eae6b0403ab26906caa77830027ed39a05918c4b877
+ 90 additional samples on MalwareBazaar
Result
Malware family:
jamper
Create hunting rule
Score:
  10/10
Tags:
ransomware persistence trojan family:jamper
Link:
https://tria.ge/reports/200624-ev686qyxtx/
Behaviour
Suspicious use of WriteProcessMemory
Runs ping.exe
Drops file in Program Files directory
Adds Run entry to start application
Enumerates connected drives
Deletes itself
Loads dropped DLL
Executes dropped EXE
Jamper,Ghost
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/12426/

Comments