MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60b28ad78be40bbc9d08b91b21c5d4e07c6952f5be5e32eacee6d055e0279b12. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60b28ad78be40bbc9d08b91b21c5d4e07c6952f5be5e32eacee6d055e0279b12
SHA3-384 hash: 8914471678bcc883d84d36b198806ccc6fdad9c87144715dc3039ab66a40ee25540ca4f04d5001f8f568783a08939def
SHA1 hash: 72bbef2b0f97567844c33ec22b1b3470057e2546
MD5 hash: a0e495354a1e55ace1c808bf7b9539a2
humanhash: grey-uniform-mike-twenty
File name:60b28ad78be40bbc9d08b91b21c5d4e07c6952f5be5e32eacee6d055e0279b12
Download: download sample
File size:54'784 bytes
First seen:2020-03-26 20:51:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ba2ce247fa49357770ce28f139e2f1ab (17 x GlobeImposter)
ssdeep 768:vnvuye1kVtGBk6P/v7nWlHznbkVwrEKD9yDwxVSHrowNI2tG6o/t84B5p7hne/:vjeytM3alnawrRIwxVSHMweio3n7hM
Threatray 13 similar samples on MalwareBazaar
TLSH C4337C83B98242F0F7D3117D5A2B374FA791EB1C0069DAA7D7A51C47CE2028376396E9
Reporter Marco_Ramilli
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Ransomware.Globeimposter-6991673-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Filecoder
Create hunting rule
Status:
Malicious
First seen:
2020-03-26 22:55:31 UTC
File Type:
PE (Exe)
AV detection:
29 of 30 (96.67%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
123765ca93c6c71f123934f0a1ea08487449d2bfab58f47f9c0a2d4cc645021b
15e8c986c4602c61a474b51d250e03d5bb178eabc8c5a82a242c1a0fa2227704
28858cc6e05225f7d156d1c6a21ed11188777fa0a752cb7b56038d79a88627cc
3e27b6b287f0b9f7e85bfe18901d961110ae969d58b44af15b1d75be749022c2
4d71f1eab01045de9ae76ea248be7746bad70c12ad977eeb6e8f8e46bbce6395
66e5066b4f068a1001c833a8ac60a91c0bc99f36d79950a6b51438950292df03
9d6163d57c9c99026b1203a475f0dac06b6a75a82a83d7c0c19442cb14ba35e5
a68210378135bd42e9a1a8e854fb0cab06f58ffcab9a8583f0654fe9807c5555
c7ea090c263f8b67203a9b0a291d1f2711821bd8489caad226f44a4b588a4579
db8c0d21cf315034515bd28e49435e6cde73954c992c3a5528417019e9b25526
+ 3 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::GetDriveTypeA
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateFileW
KERNEL32.dll::MoveFileExW
SHLWAPI.dll::PathRemoveFileSpecW
KERNEL32.dll::GetFileAttributesW
KERNEL32.dll::FindFirstFileW
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextW
ADVAPI32.dll::CryptGenRandom
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW

Comments