MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a923d3edff104f24aef659133a5fe3b9c76294e322002a35a8bf773d445a5c08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a923d3edff104f24aef659133a5fe3b9c76294e322002a35a8bf773d445a5c08
SHA3-384 hash:	d569cdacc3b65f3fc4fde3799b35c12923034d321e687e5435be2a8924cc61b1d31d2a3de3e03e422ed26b64e1671da3
SHA1 hash:	97a366efce79c7cf8c029fcab82e5e09db427952
MD5 hash:	d976b5678fa0ec2f68f132e9ba283fcd
humanhash:	december-crazy-violet-blossom
File name:	SecuriteInfo.com.Mal.GandCrab-G.28567.16220
Download:	download sample
File size:	362'496 bytes
First seen:	2020-06-18 09:33:21 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6fb5d65eee48767215290babfd6c1b31 (1 x RaccoonStealer)
ssdeep	6144:WqlX+P4HDuIkPYUq/1zu6j1rjwMwH/h0t1lGp/RaBlaoyubS6BD:N5+QHSpqNRj1rM/ChKerlN
Threatray	33 similar samples on MalwareBazaar
TLSH	DC74D01179A0CB3CD5A702311CF7BB7D5A7EBC660D30894726B47B0E2D703D1A626B9A
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

74

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/19703/

Detection(s):

SecuriteInfo.com.Mal.GandCrab-G.28567.16220.UNOFFICIAL

PUA.Win.Downloader.Aiis-6803892-0

Gathering data

Threat name:

Win32.Ransomware.Stop

Status:

Malicious

First seen:

2020-06-18 09:35:31 UTC

AV detection:

26 of 29 (89.66%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

34d6b5b7b09f0d4c0228f41f8e262278b3d9b9708d37be7f18b05bf6a79061ad

361fb6895164e8e130e6fc3f6dc984af355294173c5e385d0ac35d6df61aea60

486dcd8d1c728a03a0dfa21754835bb14ad6f35491b6818ac71d212f4e078856

52f137c22685d15df043daabdb9c823e07ecec4df42bcc2fa2c5bd45913d32ea

6ce198f9f9d2f0090d77194b1c5ec0da022ae82a021d54e68bb6dcff99eacdbe

78cb6053d76d453fb3885f47c1634fc28e20862a5a73bcdc1557e5620ae7416f

8499aa17997bfbe03592e33e82df1c674f1b57ba3d372355e690b9468ea6fea2

8632fe4db48026aebe76829dc79cfc6f1e94670507a69e6d11a1b7abde3d5612

e3c98c2ca7e4be4d14e9040f22c4a88bc512cb0e8d093af37360d035e45c5678

e5420c67e6613cf86f490123904ea3ae05187932f3282b8fa25d94959b0a5bc2

+ 23 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware

Link:

https://tria.ge/reports/200624-gkx761f28x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe a923d3edff104f24aef659133a5fe3b9c76294e322002a35a8bf773d445a5c08

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/396008/

Delivery method

Distributed via web download

Cape

Cape

https://www.capesandbox.com/analysis/19703/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample