MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 64ed3e89fb128c7331af068406ef798501349167efda88d24b7cdde2dcd7b489. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 64ed3e89fb128c7331af068406ef798501349167efda88d24b7cdde2dcd7b489
SHA3-384 hash: 5d3a599a228b601b332f9dde82d4ffef23268d0033bb9fe84d1990fd9d62d64f76aa6a47e482fd22c32b0ee99c7587fc
SHA1 hash: b796feff2a7b73b3c18dda6155aeb6ed8dfc4d9a
MD5 hash: eb5dbb3297e66e4074290a369be74144
humanhash: cola-arkansas-paris-emma
File name:eb5dbb3297e66e4074290a369be74144
Download: download sample
File size:480'352 bytes
First seen:2021-09-25 17:05:46 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 5a793c1af998657d8cb142c6b1ce3fb8 (1 x RedLineStealer)
ssdeep 12288:GR7f00UEB2qyJWbmpmSJpV+l6O97XFNnxa9SsrVM5UeR6C:iU2qRVOTPaD6RP
Threatray 1 similar samples on MalwareBazaar
TLSH T18BA423A0DC51CC47C46F7EB0C25110165A9E1D6F1A8FFF9922B633BDEF08224A559CE5
Reporter zbetcheckin
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
127
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
eb5dbb3297e66e4074290a369be74144
Verdict:
Suspicious activity
Analysis date:
2021-09-25 17:08:00 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8d4901b6-7e63-4a7d-81cc-5ae40c8f8379

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/191565/
Detection(s):
SecuriteInfo.com.Variant.Doina.24631.30805.7956.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Malware family:
Ryuk
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/74109bdf-ab4c-4428-ba5c-917d30fb8ff6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
64 / 100
Link:
https://www.joesandbox.com/analysis/858084
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Tries to evade analysis by execution special instruction which cause usermode exception
Tries to shutdown other security tools via broadcasted WM_QUERYENDSESSION
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/64ed3e89fb128c7331af068406ef798501349167efda88d24b7cdde2dcd7b489/
Threat name:
Win32.Trojan.Sabsik
Create hunting rule
Status:
Malicious
First seen:
2021-09-25 17:06:09 UTC
AV detection:
18 of 45 (40.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
ryuk
Create hunting rule
Similar samples:
25149614d2732a9db3e86ee490064f943cef5747b19d937d2f3cc2d7e13d29b7
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210925-vmfcaadfem/
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
bccdb38d378295e730eea3fc88e8eeaf081c01d6795180c40730d2c934f92a61
MD5 hash:
5a0209da8bcd4dc98f3048da510f7692
SHA1 hash:
610e4f6a3f1290cfe0abd8dc06e77e1933f5b8c5
Link:
https://www.unpac.me/results/7ea9a182-daa1-4a4b-8cf5-bde467276552/
SH256 hash:
64ed3e89fb128c7331af068406ef798501349167efda88d24b7cdde2dcd7b489
MD5 hash:
eb5dbb3297e66e4074290a369be74144
SHA1 hash:
b796feff2a7b73b3c18dda6155aeb6ed8dfc4d9a
Link:
https://www.unpac.me/results/7ea9a182-daa1-4a4b-8cf5-bde467276552/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.17
Link:
https://yomi.yoroi.company/submissions/64ed3e89fb128c7331af068406ef798501349167efda88d24b7cdde2dcd7b489

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 64ed3e89fb128c7331af068406ef798501349167efda88d24b7cdde2dcd7b489

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1643630/
Cape
Cape
https://www.capesandbox.com/analysis/191565/

Comments


Avatar
zbet commented on 2021-09-25 17:05:46 UTC

url : hxxp://f0583508.xsph.ru/crbuiol.exe