MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Pojie


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55
SHA3-384 hash: 17be730623417260ad48b84e300c202335e7c15b0c75564de9771e24e9c6233e0809f60b4805ec1042f2f36a022541cf
SHA1 hash: 81b190f81734d38741dcbbc8384505ede2c30ac5
MD5 hash: abec217429330d3c6cb587d614331bd8
humanhash: bravo-nevada-tennis-one
File name:82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55
Download: download sample
Signature Pojie
Create hunting rule
File size:937'984 bytes
First seen:2020-07-02 15:44:31 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c5baaccffee3e58a544f75619f073ee9 (1 x Pojie)
ssdeep 12288:105zRTowBT4MujEX7enaGFEkfIUwAbB+SAzxTkxMIxEWUe:105tTogT4zjQ7waGqkf3eWMRWUe
Threatray 63 similar samples on MalwareBazaar
TLSH 6E159F62B28180F2D615393158FBE739DE3597460B29CA839398DE796C33391AF3325D
Reporter JAMESWT_WT
Tags:Pojie Ransomware

Intelligence

File Origin
# of uploads :
1
# of downloads :
213
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/18515/
Detection(s):
Win.Malware.Zusy-6840460-0
Create hunting rule

Detection:
n/a
Link:
https://mwdb.cert.pl/sample/82385c5627675bb1a2f760238c766d1b8d3c31e109e067334959c084d62e5d55/
Threat name:
Win32.Ransomware.FileCoder
Create hunting rule
Status:
Malicious
First seen:
2020-07-02 15:46:04 UTC
File Type:
PE (Exe)
Extracted files:
48
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1999b762b70626f425b7b8d79318c6f595b9f54b3cad5281baf3c5a660223dfc
Pojie
31153d0989d41bd597297136f2457681ac68bb89051509bba7d52c10c554a09e
Pojie
3bb1bbf49c6e224032025dc7dacb3862e8b16c8b39e5cc19c5aceda4dbc917d9
Pojie
56133c0d017af35f49253926e3583cf72c36146ab7faa65b6058971685166652
Pojie
5edc0beea63d8b8533a31663df2bc2e860607c9befbd5fefc054afec6ce18ec9
Pojie
683fa4be9635d3399ee7eb05dde053930faa95aae3f022cdc0e13e5980438b43
Pojie
799b7395c9f279d8cd1cd24657788ecb37db7ae03c0dddeb3344a95a551d1325
Pojie
8e3915f9ae220c0245e27de1ff632339aec8f12b80960f941c41e51ec1e25fa3
Pojie
90924d67096320aa95b51034c85f09afd83dcecc5be6285b4d14d7973293eee7
Pojie
bd668ef292ae01d2ed9a32b1ea054e2acb484f61e86481f306669637ba31ce82
Pojie
+ 53 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/200702-1dmljqtdra/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates connected drives
Drops desktop.ini file(s)
Enumerates connected drives
Drops desktop.ini file(s)
Loads dropped DLL
Executes dropped EXE
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/siri_urz/status/1278669014659559425?s=20
Cape
Cape
https://www.capesandbox.com/analysis/18515/

Comments