MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea
SHA3-384 hash: d6159615bf50bd05f9553db22a58df383bab125b1622fbe55f246498288ca23cf7c04dcb433455c1213f9734679cc881
SHA1 hash: 98b3fb74b3e8b3f9b05a82473551c5a77b576d54
MD5 hash: 42e52b8daf63e6e26c3aa91e7e971492
humanhash: bluebird-comet-florida-oxygen
File name: a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea.bin
File size: 9'216 bytes
First seen: 2022-03-14 19:01:09 UTC
Last seen: 2024-07-03 12:30:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: ea8609d4dad999f73ec4b6f8e7b28e55
ssdeep: 192:76f0CW5P2Io4evFrDv2ZRJzCn7URRsjVJaZF:76fPWl24evFrT2ZR5Cn7UR0VJo
TLSH: T15B12A734A10DD0E5F0A584B93691EE1F11E02634638FA04BF3D62ED62865BE7716AF87
Reporter: Arkbird_SOLG
Tags: CaddyWiper exe Ukraine Wiper

Intelligence


File Origin
# of uploads: 6
# of downloads: 579
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 5715721851666432.zip
Verdict: Suspicious activity
Analysis date: 2022-03-14 15:51:33 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Malware
Behaviour
Changing a file
Adding an access-denied ACE
Sending a custom TCP request
Modifying an executable file
Creating a file
BSOD occurred
Rewriting of the hard drive's master boot record
Encrypting user's files
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
MalwareBazaar
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: spyw
Score: 64 / 100
Signature
Antivirus / Scanner detection for submitted sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Tries to harvest and steal browser information (history, passwords, etc)
Threat name: Win32.Network.CaddyBlade
Status: Malicious
First seen: 2022-03-14 19:02:10 UTC
File Type: PE (Exe)
AV detection: 35 of 42 (83.33%)
Threat level: 3/5
Verdict: malicious
Result
Malware family: n/a
Score: 8/10
Tags: bootkit persistence ransomware spyware stealer
Behaviour
Checks SCSI registry key(s)
Suspicious use of AdjustPrivilegeToken
Drops desktop.ini file(s)
Writes to the Master Boot Record (MBR)
Reads user/profile data of web browsers
Modifies extensions of user files
Unpacked files
SHA256 hash: a294620543334a721a2ae8eaaf9680a0786f4b9a216d75b55cfd28f39e9430ea
MD5 hash: 42e52b8daf63e6e26c3aa91e7e971492
SHA1 hash: 98b3fb74b3e8b3f9b05a82473551c5a77b576d54
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.