MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 924cc338d5d03f8914fe54f184596415563c4172679a950245ac94c80c023c7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 924cc338d5d03f8914fe54f184596415563c4172679a950245ac94c80c023c7d
SHA3-384 hash: dfd1ef617f7ad76cbff5322a2e90b7058210b117b07fb45304a150041b4aaa2747cf6f42a3f6cdcb3f70c94b3a164fd7
SHA1 hash: 939e84218cd1116b10166ed8352c11ad16cc2585
MD5 hash: a0609d7ad40461dab889944bfe8ca588
humanhash: music-twenty-diet-wyoming
File name:3agpke31mk.exe
Download: download sample
File size:5'637'632 bytes
First seen:2020-04-30 07:36:11 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 8c1957dde2f628fdcbe049f10f2266a0
ssdeep 98304:7Y+KQ0CO444hl1p7xFMe7rbbbbt+Gwd57qw:7Y+KQ0R44Q1rbbbbt+F
Threatray 1 similar samples on MalwareBazaar
TLSH 03465C20B6419118F9F341F39EFDA5AD542CB5B04B9850D3B1CC1AEEA7A9BE13D32643
Reporter jarumlus

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Ransomware.LooCipher-7001151-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Loocipher
Create hunting rule
Status:
Malicious
First seen:
2019-06-19 07:01:51 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
25 of 29 (86.21%)
Threat level:
  2/5
Verdict:
malicious
Similar samples:
bc2cea17da33c23edbb0c86ab00b3ec3b4a2f4da84fb075922e41b7bf6b654f0
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 924cc338d5d03f8914fe54f184596415563c4172679a950245ac94c80c023c7d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/210142/
  
URLhaus
https://urlhaus.abuse.ch/url/210694/
  
URLhaus
https://urlhaus.abuse.ch/url/210698/
  
URLhaus
https://urlhaus.abuse.ch/url/210701/
  
URLhaus
https://urlhaus.abuse.ch/url/210693/
  
URLhaus
https://urlhaus.abuse.ch/url/210905/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessA
KERNEL32.dll::CreateProcessW
KERNEL32.dll::CloseHandle
WININET.dll::InternetCloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetDriveTypeW
KERNEL32.dll::GetSystemInfo
KERNEL32.dll::GetStartupInfoA
KERNEL32.dll::GetStartupInfoW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetConsoleCtrlHandler
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateHardLinkW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileExW
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextA
ADVAPI32.dll::CryptGenRandom
WIN_USER_APIPerforms GUI ActionsUSER32.dll::EmptyClipboard
USER32.dll::OpenClipboard
USER32.dll::PeekMessageA
USER32.dll::CreateWindowExA
USER32.dll::CreateWindowExW

Comments