MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7786483b897971c243102c6203d0f19608524cba52136ae5fa71803e74d55825. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GoCryptoLocker

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	7786483b897971c243102c6203d0f19608524cba52136ae5fa71803e74d55825
SHA3-384 hash:	9b58ba19f9442e4bc26a35f9a21a26d32435be76fe6dfff923df2a75312fbabf9a6666b0fbf13776d2105779f0afba4f
SHA1 hash:	0394adee22cc087a07b5f661eeb008fb4083163a
MD5 hash:	8f616ddebbce71e29951a6e9472f2ea6
humanhash:	september-oven-illinois-utah
File name:	main.exe
Download:	download sample
Signature	GoCryptoLocker Create hunting rule
File size:	2'749'952 bytes
First seen:	2020-09-17 10:44:37 UTC
Last seen:	2020-09-17 11:39:51 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	167344a4df394fbba605fc972e41437a (4 x CobaltStrike, 1 x GoCryptoLocker, 1 x Sodinokibi)
ssdeep	24576:NfHnn+7gOrg1ymLqZi9dCof5gjPSJuqaOoNJAXXWLfwuL5E9gwaSw2u3wXIdq6Q9:N/n+7PIyJ09gU0zNJdbwuL5SgXSwAI
Threatray	6 similar samples on MalwareBazaar
TLSH	E4D56B12FCE629B6D5BAF130856192617A32386903327BD31F8595BE2A76FD42F3D340
Reporter	JAMESWT_WT
Tags:	GoCryptoLocker

Intelligence

File Origin

# of uploads :

2

# of downloads :

210

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/62837/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.43811587.9992.9993.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file

Creating a file in the %temp% subdirectories

Creating a file in the %AppData% subdirectories

Reading critical registry keys

Launching cmd.exe command interpreter

Creating a window

Replacing files

Stealing user critical data

Encrypting user's files

Enabling autorun by creating a file

Result

Threat name:

GoCryptoLocker

Detection:

malicious

Classification:

rans

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/468975

Signature

Machine Learning detection for sample

Multi AV Scanner detection for submitted file

Yara detected GoCryptoLocker ransomware

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7786483b897971c243102c6203d0f19608524cba52136ae5fa71803e74d55825/

Threat name:

Win64.Ransomware.Encoder

Status:

Malicious

First seen:

2020-09-11 01:11:13 UTC

File Type:

PE+ (Exe)

AV detection:

16 of 48 (33.33%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

17d67e548d5b9c91ba3b2ce339100803174c32e7ab000cd6d90b461288b558a0

1a1d7e78c5ac2f804e01206111e915963cf51f680776ed02a15cb8353e5f7759

32b8ffac3250444904e6af3fca1f6408e684f11ad59e6c46887cf44f5de19e6b

3b6d04d6b629c1bdab4f15b0aa0d1e7792078b21cf876ec4c630243de1b47ac3

67e4e4eb893a2386e782d4d4c7a44eaf70388cad0bb32f30fa3a06e466f583fd

bd50fceeb89d220f6710030d3aacbc2427c5796d9b7f3dee8a362f4e7d4113ef

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://tria.ge/reports/200917-swwyjv2gme/

Behaviour

JavaScript code in executable

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Filecoder

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7786483b897971c243102c6203d0f19608524cba52136ae5fa71803e74d55825

File information

The table below shows additional information about this malware sample such as delivery method and external references.

X

https://twitter.com/malwrhunterteam/status/1306543440138768386?s=20

Cape

Cape

https://www.capesandbox.com/analysis/62837/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample