MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8ccd6c8f06c15358e4f76f8e2cd99684ab131d217ea3ae5df9d3fab08925f8bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8ccd6c8f06c15358e4f76f8e2cd99684ab131d217ea3ae5df9d3fab08925f8bd
SHA3-384 hash: feb83427a3981ddc63414e23c006e89dc82a0d9f1ef04ca60d5151eb445f4ceb5169d8cf1319806e93c37bd3e376d7b8
SHA1 hash: cf8f3babd551362ec9ed8101ad562b23002cfb9b
MD5 hash: 942e4b4f03fa258dfabc4bcc36061857
humanhash: jupiter-beryllium-oxygen-michigan
File name:SecuriteInfo.com.FileRepMalware.21893
Download: download sample
File size:176'640 bytes
First seen:2020-05-11 00:23:29 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ed8a3f2f5f2d899607f06b3f8ec09af4 (1 x BuerLoader)
ssdeep 1536:mlL3YJPj9Ok+aO2zJB2mxkbCOXV6RstP/jl4sFSJRIMcPZskMP0vJEh9:mlLAr9SzmabXrtn+sFSJRGC1PO4
TLSH B304BF05BBE0C033C55A94356475C6B26B3EBC212B31624327A85B2F1F217D667BB34E
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.FileRepMalware.21893.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Gandcrab
Create hunting rule
Status:
Malicious
First seen:
2020-05-11 01:03:00 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
26 of 31 (83.87%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence ransomware spyware
Link:
https://tria.ge/reports/201109-tpfshzsaws/
Behaviour
Interacts with shadow copies
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks processor information in registry
Enumerates system info in registry
Modifies Control Panel
Modifies data under HKEY_USERS
Suspicious use of SetWindowsHookEx
Drops file in Program Files directory
Launches sc.exe
Modifies service
Drops file in System32 directory
Adds Run key to start application
Reads user/profile data of web browsers
Stops running service(s)
Modifies extensions of user files
Deletes shadow copies
Suspicious use of NtCreateUserProcessOtherParentProcess
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8ccd6c8f06c15358e4f76f8e2cd99684ab131d217ea3ae5df9d3fab08925f8bd

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/360750/
  
Delivery method
Distributed via web download

Comments