MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown


Vendor detections: 7



SHA256 hash: 98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63
SHA3-384 hash: 88c5a376486f29b7bd02cfbe9ebd1e4dba27b20ea43266066920e59b5e82ef99897af297c87382b7400e22b2971d15ea
SHA1 hash: fde5f666007cdb1fd1dddd2fefbed916992e9e65
MD5 hash: 46a1325bb01e37e0ee2d2ba37db257f2
humanhash: utah-pizza-double-queen
File name: 98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63.bin.sample
File size: 717'632 bytes
First seen: 2021-10-28 15:53:27 UTC
Last seen: 2021-11-25 14:36:48 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ed4f5f04d62b18d96b26d6db7c18840 (shared with 225 x SalatStealer, 78 x BitRAT, 42 x RedLineStealer)
ssdeep: 12288:/J0PAR/q3j1+0IWTE1DCNut02PELUUGIm95D4cWCsvQMi0KDRZpIVG7GEH:/JP8o0VE5CNQSI/IU4cWCsPuRZpIY7Gw
Threatray: 1 similar sample on MalwareBazaar
TLSH: T19AE4231BE31BA629C5284F358908B98A7CEB13F7700116DA07BFD9C21DF8648D7A5F25
Reporter: KodaES
Tags: Debug Encoder exe golang

An imphash shared by this many unrelated families (SalatStealer, BitRAT, RedLineStealer) describes a packer or loader stub rather than the payload; one vendor result on this page tags the sample upx, which would account for it. Treat imphash as a weak pivot for this sample and prefer ssdeep, TLSH or the Threatray similarity match when hunting for related files.
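Before working with a downloaded copy, confirm it is the file this entry describes and that it is the 64-bit Windows PE the vendor verdicts below imply. The script below is an added example, not MalwareBazaar code: it recomputes the four digests the entry lists with the standard library, reads the DOS and COFF headers to recover the machine type, and checks for the Go build markers behind the golang tag. The minimal PE reader and the Go heuristic are this example's own; imphash, ssdeep and TLSH need third-party libraries and are left out.

```python
"""Verify a local sample against the hashes listed in this MalwareBazaar entry.

Added example, not MalwareBazaar code. Standard library only: hashlib covers
MD5/SHA1/SHA256/SHA3-384; the PE reader below only parses the DOS header,
the PE signature and the COFF Machine field (it is not a general PE parser).
"""
import hashlib
import struct

# Hashes exactly as listed in the entry for
# 98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63.
ENTRY_HASHES = {
    "md5": "46a1325bb01e37e0ee2d2ba37db257f2",
    "sha1": "fde5f666007cdb1fd1dddd2fefbed916992e9e65",
    "sha256": "98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63",
    "sha3_384": "88c5a376486f29b7bd02cfbe9ebd1e4dba27b20ea43266066920e59b5e82ef99897af297c87382b7400e22b2971d15ea",
}
ENTRY_SIZE = 717632  # "717'632 bytes" in the entry

# IMAGE_FILE_HEADER.Machine values worth naming.
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64", 0xAA64: "arm64"}


def digests(data: bytes) -> dict:
    """All four digests the entry lists, hex-encoded, keyed like ENTRY_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def pe_machine(data: bytes):
    """Return the COFF machine name for a PE image, or None if not a PE.

    Layout: 'MZ' at offset 0, e_lfanew (uint32 LE) at 0x3C, 'PE\\0\\0' at
    e_lfanew, then IMAGE_FILE_HEADER whose first field is Machine (uint16 LE).
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine = struct.unpack_from("<H", data, e_lfanew + 4)[0]
    return MACHINE_NAMES.get(machine, hex(machine))


def looks_like_go(data: bytes) -> bool:
    """Heuristic for the 'golang' tag: unpacked Go binaries carry a build ID
    string and the buildinfo magic. A packed (e.g. UPX) image hides both, so
    False here is not evidence against Go; unpack first.
    """
    return b'Go build ID: "' in data or b"\xff Go buildinf:" in data


def verify(data: bytes, expected: dict = ENTRY_HASHES, size: int = ENTRY_SIZE) -> dict:
    """Compare a local file against the entry. 'identity_ok' is True only when
    every listed digest and the file size match.
    """
    got = digests(data)
    mismatches = [alg for alg, h in expected.items() if got[alg] != h.lower()]
    return {
        "size": len(data),
        "size_ok": len(data) == size,
        "digests": got,
        "mismatches": mismatches,
        "identity_ok": not mismatches and len(data) == size,
        "machine": pe_machine(data),
        "go_markers": looks_like_go(data),
    }


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        for key, value in verify(f.read()).items():
            print(f"{key}: {value}")
```

Run it as `python verify_sample.py 98272cad...bin.sample` after extracting the download. A `machine` of `x86-64` is consistent with the Win64 threat name below; `go_markers` False on a sample tagged upx only means the markers are hidden by the packer.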


KodaES
https://www.virustotal.com/gui/file/98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63/detection
https://blog.morphisec.com/decaf-ransomware-a-new-golang-threat-makes-its-appearance

Intelligence


File Origin
# of uploads: 5
# of downloads: 224
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Using the Windows Management Instrumentation requests
  Creating a file
  Creating a file in the mass storage device
  Encrypting user's files

Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature:
  Antivirus / Scanner detection for submitted sample
  Multi AV Scanner detection for submitted file
Behaviour:
  Behavior Graph ID 511196 (sample WBLhltxm7x.sample, start date 28/10/2021, architecture WINDOWS, score 56)
  Graph signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file
  Process tree: WBLhltxm7x.exe -> cipher.exe -> conhost.exe

The process tree is the most actionable item in this result. cipher.exe is the built-in Windows EFS utility; ransomware commonly runs it with the /w: switch after encryption to overwrite free disk space so that deleted originals cannot be recovered. The graph records only that the sample started cipher.exe (conhost.exe is the console host it spawns), not its command line, so confirm the arguments from the full sandbox report before treating the wipe as established.
Result
Threat name: Win64.Ransomware.Encoder
Status: Malicious
First seen: 2021-09-12 00:54:06 UTC
AV detection: 15 of 28 (53.57%)
Threat level: 5/5

Result
Malware family: darkside
Score: 10/10
Tags: family:darkside ransomware upx
Behaviour:
  Suspicious use of WriteProcessMemory
  Modifies extensions of user files
  DarkSide
Unpacked files:
  SHA256 hash: 98272cada9caf84c31d70fdc3705e95ef73cb4a5c507e2cf3caee1893a7a6f63
  MD5 hash: 46a1325bb01e37e0ee2d2ba37db257f2
  SHA1 hash: fde5f666007cdb1fd1dddd2fefbed916992e9e65

Two caveats on this result. The "unpacked" hashes are identical to the submitted sample, so despite the upx tag this vendor did not produce a distinct unpacked image. The family labels also disagree across this page: this vendor reports darkside, the reporter's reference links describe DeCAF, a Go ransomware (consistent with the golang tag), and the entry's own threat field is unknown. Treat the family attribution as unconfirmed until you have verified it against the unpacked binary.

Please note that we are no longer able to provide a coverage score for Virus Total.
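The behaviours reported above (sample spawning cipher.exe, user files being encrypted and renamed) translate directly into a process-creation detection. The following is an added example, not MalwareBazaar or any vendor's code: it runs a small triage rule over constructed Sysmon-style Event ID 1 records (the field names Image, CommandLine and ParentImage are real Sysmon fields; the records themselves are made up for the demo and are not from the sandbox report). The /w: escalation encodes the general free-space-wipe pattern, not something this entry shows for this sample.

```python
"""Flag cipher.exe launched from an unexpected parent, escalating when a
free-space wipe (/w:) is requested.

Added example, not MalwareBazaar or vendor code. Input records mimic Sysmon
Event ID 1 (process creation); the sample records are constructed.
"""
import ntpath
import re
from typing import List, Optional

# Parents from which an administrator would normally run cipher.exe.
EXPECTED_PARENTS = {"cmd.exe", "powershell.exe", "explorer.exe", "svchost.exe"}

# Directories a standard user can write to: the usual place a dropped
# executable lives. Matches the path of the *parent* image.
USER_WRITABLE = re.compile(
    r"\\(users\\[^\\]+\\(downloads|appdata)|temp|programdata)\\", re.I
)

# cipher.exe /w:<drive or folder> overwrites free space (defeats file recovery).
WIPE_SWITCH = re.compile(r"(^|\s)/w:", re.I)


def triage_event(ev: dict) -> Optional[dict]:
    """Return an alert for a suspicious cipher.exe start, or None."""
    image = ntpath.basename(ev["Image"]).lower()
    if image != "cipher.exe":
        return None
    parent_path = ev["ParentImage"]
    parent = ntpath.basename(parent_path).lower()
    reasons = []
    if parent not in EXPECTED_PARENTS:
        reasons.append(f"spawned by unexpected parent {parent}")
    if USER_WRITABLE.search(parent_path):
        reasons.append("parent image lives in a user-writable directory")
    wipe = bool(WIPE_SWITCH.search(ev.get("CommandLine", "")))
    if wipe:
        reasons.append("free-space wipe requested (/w:)")
    if not reasons:
        return None  # e.g. an admin using cipher /e from cmd.exe
    return {
        "severity": "high" if wipe else "medium",
        "image": image,
        "parent": parent,
        "reasons": reasons,
    }


def triage(events: List[dict]) -> List[dict]:
    """Run triage_event over a batch and keep only the alerts."""
    return [a for a in (triage_event(e) for e in events) if a]


# Constructed sample events (not taken from the sandbox report above).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\cipher.exe",
     "CommandLine": "cipher /w:C:\\",
     "ParentImage": r"C:\Users\victim\Downloads\WBLhltxm7x.exe"},
    {"Image": r"C:\Windows\System32\cipher.exe",
     "CommandLine": "cipher /e C:\\Finance",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": r"C:\Windows\System32\conhost.exe",
     "CommandLine": "\\??\\C:\\Windows\\system32\\conhost.exe 0x4",
     "ParentImage": r"C:\Windows\System32\cipher.exe"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Only the first constructed event alerts: cipher.exe started by an executable in a user's Downloads folder with a /w: wipe. Legitimate EFS use from an administrator's shell passes, and conhost.exe is ignored because the rule keys on the image, not on the chain's tail. Pair this with file-rename telemetry from your EDR to cover the "modifies extensions of user files" behaviour, which Sysmon process events alone do not show.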

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments