MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cda5e5ad6ca68a803516013fbf62e6b06383b20fccf1ee6aed4730c916a3b55. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 3

SHA256 hash: 9cda5e5ad6ca68a803516013fbf62e6b06383b20fccf1ee6aed4730c916a3b55
SHA3-384 hash: 60f8dcc1677aea117bf796aa61960d7679ddee66b313532564443dd8b72ab94c68271cf797907b968feae345bb134276
SHA1 hash: 2298b13875d28f4a6b4d3f62aebbac9da15518d5
MD5 hash: a94eb4184756d8fb0e85081d62ebafec
humanhash: north-jersey-video-mockingbird
File name: 9cda5e5ad6ca68a803516013fbf62e6b06383b20fccf1ee6aed4730c916a3b55.dll
File size: 1'475'072 bytes
First seen: 2020-07-05 18:06:48 UTC
Last seen: 2020-07-05 18:31:51 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 5e5ac8ab7be27ac2d1c548e5589378b6 (11 x GuLoader, 6 x Stealc, 5 x RedLineStealer)
ssdeep: 24576:SOXXsqPwKn7uhGXTzWAohm2Zm/b7TInzmMP1nRBHtkIZV0I7V62pzH:SOHsqIIuAXPFIzLfBNkkVBpzH
Threatray: 15 similar samples on MalwareBazaar
TLSH: 416533F710066E5ACCCDCA7EA39A1D852D99FA15089F30DE1E9BDB43E0912DE194C70E
Reporter: Anonymous
Tags: Ransomware sekhmet

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 123
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Using the Windows Management Instrumentation requests
Creating a file
Sending an HTTP POST request
Launching a service
Launching a process
Changing a file
Modifying an executable file
Creating a file in the Program Files directory
Creating a file in the Program Files subdirectories
Reading critical registry keys
Moving a recently created file
Creating a file in the %temp% directory
Moving a file to the %temp% directory
Creating a file in the %AppData% directory
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Reading Telegram data
Creating a file in the Windows directory
Connection attempt
Searching for the window
Stealing user critical data
Encrypting user's files
Enabling autorun with Startup directory
Threat name: Win32.Packed.EnigmaProtector
Status: Malicious
First seen: 2020-03-27 21:00:34 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 1/5

Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments