MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a0b4611fde48b7a3ae05cc87251f47f34f3b837bc0402f86ec05cfc1edadc13f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a0b4611fde48b7a3ae05cc87251f47f34f3b837bc0402f86ec05cfc1edadc13f
SHA3-384 hash: 6733fd7dfbaa8ac289f69d7e9a3ad6c45313e5139a8df8f15b896be2968843b87c44b3aa9afc5f325897aecb59761958
SHA1 hash: ecf27e9c04eec0f3198e641f57225db75c4a86f5
MD5 hash: db3f3b64984d9a1848656ed57232c5ef
humanhash: uranus-jupiter-orange-happy
File name:PassLock.exe
Download: download sample
File size:35'840 bytes
First seen:2020-03-18 09:43:05 UTC
Last seen:2022-04-28 11:09:23 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'659 x AgentTesla, 19'469 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 768:Y5f+yPgLDQqxTK0GsFHMh16wK1h4CieskhahGM:Y5f+1LnTGs2G3eeRUhGM
TLSH 3EF27C2273A48733D17D7EB81A71B10047F5BA61E51ADB6D2E8C61EC08E374947E2F62
Reporter fbgwls245
Tags:Ransomware PassLock Wiper

Intelligence

File Origin
# of uploads :
2
# of downloads :
128
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Encoder.30948.18407.19748.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
ByteCode-MSIL.Trojan.Encoder
Create hunting rule
Status:
Malicious
First seen:
2020-02-04 14:11:46 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  2/5
Verdict:
malicious
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a0b4611fde48b7a3ae05cc87251f47f34f3b837bc0402f86ec05cfc1edadc13f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://twitter.com/siri_urz/status/1224625181101944834

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high

Comments