MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1
SHA3-384 hash: 7477c2b9808675f96334f395e0757fedf47e32dd926501b1f835f8c11ac1416ad13ba913250f8fc004fa5c41b567e7ce
SHA1 hash: d6256c0adba4c2afae4ddf42b6a05942e483589c
MD5 hash: ef6ffe7dcf8b03bc45f0c5db2e8b5efd
humanhash: fifteen-eleven-london-papa
File name:935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1
Download: download sample
File size:1'859'584 bytes
First seen:2021-03-17 13:40:23 UTC
Last seen:2021-03-17 15:31:53 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'657 x AgentTesla, 19'468 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 49152:dwBA9vgGXN8X/aZ0hZm1pDycxh0oSkDbZm1HtZSAtE:dOogG+rZmbDyyjDbZmgAt
TLSH E58523632DC153B0E27B82B4EC1392B4D3E6229854F5FFAE6CC498BC509215BCA56FD4
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
2
# of downloads :
112
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1
Verdict:
Malicious activity
Analysis date:
2021-03-17 13:40:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/3230081f-dd79-43ad-89eb-6449ced9c25c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/124565/
Detection(s):
SecuriteInfo.com.Heur.Ransom.RTH.1.15762.19457.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
DNS request
Sending a custom TCP request
Sending an HTTP GET request
Searching for the window
Creating a file
Changing a file
Sending a UDP request
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/642300
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1/
Threat name:
ByteCode-MSIL.Ransomware.TorrentLocker
Create hunting rule
Status:
Malicious
First seen:
2021-03-10 23:43:55 UTC
File Type:
PE (.Net Exe)
Extracted files:
8
AV detection:
31 of 47 (65.96%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210317-jz7yxj7rb2/
Behaviour
Modifies Internet Explorer settings
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1
MD5 hash:
ef6ffe7dcf8b03bc45f0c5db2e8b5efd
SHA1 hash:
d6256c0adba4c2afae4ddf42b6a05942e483589c
Link:
https://www.unpac.me/results/96857bcb-ed30-4850-9747-ddc5f51aaf7e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Ransomware
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/935faf22f44af34fc970f49b16d29cb336918c121c3ca2c7bd3a1cf89dc642d1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/malwrhunterteam/status/1372147994561277955?s=20
Cape
Cape
https://www.capesandbox.com/analysis/124565/

Comments