MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6cbed31fdf5554ead21de9ccdd12ccc6d9f0b4eaf5f874ce96103ab01f522073. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



PlutoCrypt


Vendor detections: 6



SHA256 hash: 6cbed31fdf5554ead21de9ccdd12ccc6d9f0b4eaf5f874ce96103ab01f522073
SHA3-384 hash: 8c127819f4563a8c77fa4c505b605fa47a5796b23022ff7d980368990614182ea5ce97904c64246000dbac276c5840f7
SHA1 hash: 2fd12e84f924b54bb39e4bce9f7f608cc44bab09
MD5 hash: 1933070201c7cb528ea98a68fe6b392f
humanhash: colorado-dakota-saturn-batman
File name: task.xml
Signature: PlutoCrypt
File size: 5'412 bytes
First seen: 2023-04-14 16:25:01 UTC
Last seen: Never
File type:
MIME type: text/xml
ssdeep: 96:csiHeOnkntGki3igV9ll7UY5hFhIJLjXCcelF8kcelF8mbpNQ8v+:14ytw3j7h8FjyceldceltbpK8v+
TLSH: T1FAB1A0132BEA1089B2F75B18ABFA70B34E67FD555838D4BC1058550CCBF3EA18861B76
TrID:
  90.3% (.) Windows 7 Task Scheduler job (141000/1/20)
  7.6% (.XML) Generic XML (UTF-16 LE) (12000/1)
  1.2% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
  0.6% (.MP3) MP3 audio (1000/1)
Reporter: 0xToxin
Tags: 199-192-20-58 plutocrypt Ransomware xml

Intelligence


File Origin
# of uploads: 1
# of downloads: 400
Origin country: IL
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details
Base64 Encoded Powershell Directives: Detected one or more base64 encoded Powershell directives.
Hidden Powershell: Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.
Base64 Encoded URL: Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Threat name: Script.Trojan.Boxter
Status: Malicious
First seen: 2023-04-06 15:18:51 UTC
File Type: Text (XML)
AV detection: 4 of 37 (10.81%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
