MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
SHA3-384 hash:	9a6534dd97d6b214c1c63ca529d37eaf8e5f4ed29451094433eb45cd5f2590c3c58775e1369b92ec2fceeb614cb6af03
SHA1 hash:	08c2d71489f6e203d9281904e933a797d5822463
MD5 hash:	ef8fe9e54b324a7b8c52dd55970c3eee
humanhash:	blue-angel-blossom-march
File name:	9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9
Download:	download sample
File size:	22'016 bytes
First seen:	2020-03-18 02:53:46 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	db504a73b3ca427a300fe5b1b39306c1
ssdeep	384:7rwgu4oJuTJj+XZ9Y9qkyUI07jn6qq9fUaIfqfxWkqxrF6ZlvH38R0V:HaJU+Je9Lwjn9fU7q55AQDHr
Threatray	36 similar samples on MalwareBazaar
TLSH	30A2D08ABD61A41EC4EC24B3484CC129E3736675BAA4F763DE7D62130A33E9C899C10D
Reporter	fbgwls245
Tags:	#Ransomware #Makop

Intelligence

File Origin

# of uploads :

# of downloads :

133

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Upx-48

PUA.Win.Packer.Upx-4

Gathering data

Threat name:

Win32.Trojan.Phobos

Status:

Malicious

First seen:

2020-03-11 00:39:58 UTC

AV detection:

29 of 31 (93.55%)

Threat level:

5/5

Verdict:

malicious

1e9a378d66d43b083d03a891048a93078ec11bf0f117b7e106dba91caefe1e75

335c0e4430a08956f796611b3ebf273117e784ee1d728d7b8fcb9997c98735cc

52b5acea07811f9583306a5dac3c346f5307e99c833bc28e2c380117973acd58

61d9ac86c9e84f051340bf2adedaa4eb4fc7960e01f8a00d66d2ebd4201489e2

a81b58feebb60b6aba3ccc7adefade4332c13b95dabe08e91509703fb1fd401c

ba7bdbafafbe370874a0a1a53e71176f76944663d6a113d5f7a673301c2c22d8

c3be55a58b2afa08ba8520d981c50ab773113da36b139985ad16e5fab39ac145

d98b551ba123d7020b8bcc1835f0bbeb103e50d18a3d341771e1a05b1edfaf87

e4c807505f6c4a6c8369f3e78dc51a7bb5e6969803fc2ee9f992fe623b8a1dd6

+ 26 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Unknown

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 9385c94181cda268839695c6b7adf6afd3218a44be5e31fa11eac8cee54f6db9

(this sample)

https://twitter.com/fbgwls245/status/1239088025725894657

Delivery method

Distributed via e-mail attachment

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	KERNEL32.DLL::LoadLibraryA
WIN_NETWORK_API	Supports Windows Networking	MPR.dll::WNetOpenEnumW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample