MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a3b16892eca5d15d94cf68f0f36200223b9754e0f59c25b3653564135fb42f6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a3b16892eca5d15d94cf68f0f36200223b9754e0f59c25b3653564135fb42f6b
SHA3-384 hash:	6e4869a5e0f1e7b24a4b1b2fa48d442e1add2c84400a561f65d7baa020c7213da1758169084e60101fd0ca9c40419ec2
SHA1 hash:	c6cf6f1025c0a8d32d6dd04ba3ceac6224f24b3c
MD5 hash:	51328d704abe22e51cc20a8ac715443b
humanhash:	crazy-kentucky-uniform-mexico
File name:	51328d704abe22e51cc20a8ac715443b.exe
Download:	download sample
File size:	544'256 bytes
First seen:	2022-06-05 13:00:06 UTC
Last seen:	2022-06-05 13:43:33 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b8e78bd73afb771519a38767f795e9d5
ssdeep	6144:Rwnfbo5SXsbi5GaRbP5kKpebHal4U0cjy8s/yAmX5XE7Fih/R0+7EA89Too/yNOn:RwflxR1tSUUyAmXNSFi/vEA89+L9EQ6
Threatray	66 similar samples on MalwareBazaar
TLSH	T180C4122076E05132F5F39B3464B09AB06B3BB9937575818D172089267F70AD0AFBA377
TrID	48.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 16.4% (.EXE) Win64 Executable (generic) (10523/12/4) 10.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.0% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):
dhash icon	5c59da3ce0c3c850 (12 x Stop, 11 x RedLineStealer, 8 x Smoke Loader)
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

419

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

51328d704abe22e51cc20a8ac715443b.exe

Verdict:

Malicious activity

Analysis date:

2022-06-05 13:06:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1582f424-ce8f-4f72-9f49-3d8399e6c5ac

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/276819/

Detection(s):

SecuriteInfo.com.Variant.Mikey.138210.30044.26085.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

Rewriting of the hard drive's master boot record

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

greyware packed

Link:

https://www.filescan.io/uploads/629ca94b2acbe6fdfb627562/reports/462c212e-b907-45d0-b259-170fc6962641/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Pitou

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/e098a38c-18ee-4bf9-8b64-3ea626c6ff1a

Result

Threat name:

Unknown

Detection:

malicious

Classification:

expl.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1006948

Signature

Contains functionality to infect the boot sector

Detected unpacking (changes PE section rights)

Detected unpacking (overwrites its own PE header)

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Yara detected UAC Bypass using CMSTP

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a3b16892eca5d15d94cf68f0f36200223b9754e0f59c25b3653564135fb42f6b/

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2022-06-05 13:01:09 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 41 (58.54%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uoywrexmuxiv3fgpndypgyqaei5zovha6woclm3fgvsbgx5uf5vq._file

Verdict:

malicious

5ab2bd50c3c25890d4764206082ce96132b56cf2a84a576a102d52c364979cad

7488777dd491486b1aea7ec37b6131334f94bc3f90261d91f06a5156f0530232

770f8cd0cae0a7525234dfc5b25f21b90090513d3f80fa06e8c22107ca8bbe01

7e95736b12f455cd096c0eff4a9dfa5b4e3c8108c55464447868ba4351e91fbb

cab31c58eec5fac87df0c7cf52df12ab43280e4e8b9ee50fcde4017689c976b3

cf693fb0c08e8e23de98bb5b848e6ee6f359f1efb26d1488bb9030c899d45005

e74a586b8f1c0b606cde2a079a333ce8f93a3ccf133b049d2de243e52989a275

f40a47af762b5f2270be9a10058551c5a134a2f22210422ab53481569e08ac00

f898e35329ae242f1f8c0e64efde783e9742671336598ad9824073decae40f4a

+ 56 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

6/10

Tags:

bootkit persistence

Link:

https://tria.ge/reports/220605-p87qrseggj/

Behaviour

Writes to the Master Boot Record (MBR)

Unpacked files

SH256 hash:

84e72630846de776f4fca099faca59500751e877ef1e9e0f4c9ff73292f44b43

MD5 hash:

ce5b0d18a6bba7f3c206ae567723968a

SHA1 hash:

71691165b0e385fa616e59fb1af3021d511b4db5

Link:

https://www.unpac.me/results/78e9bc81-0a9d-47f3-b06d-a62119eab235/

SH256 hash:

a3b16892eca5d15d94cf68f0f36200223b9754e0f59c25b3653564135fb42f6b

MD5 hash:

51328d704abe22e51cc20a8ac715443b

SHA1 hash:

c6cf6f1025c0a8d32d6dd04ba3ceac6224f24b3c

Link:

https://www.unpac.me/results/78e9bc81-0a9d-47f3-b06d-a62119eab235/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/a3b16892eca5/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a3b16892eca5d15d94cf68f0f36200223b9754e0f59c25b3653564135fb42f6b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/276819/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample