MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aee048b20edd9abb8eff89b51d3c20e4ae4bfb9df25ca920cb9348f4d98ec3db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aee048b20edd9abb8eff89b51d3c20e4ae4bfb9df25ca920cb9348f4d98ec3db
SHA3-384 hash: f9110a0eea8a28e0734e90412d95f94f719e8b0848fbb23677146bab45c35454e18fd6005c71e257665054d72c6db8d4
SHA1 hash: 77c51830dcd6dbd69f007940ac42aadae65d0111
MD5 hash: 84742ca498d197d5c85500c319bd7692
humanhash: fish-oscar-one-papa
File name:gost.exe
Download: download sample
File size:12'455'288 bytes
First seen:2020-06-12 09:06:39 UTC
Last seen:2020-06-12 09:44:52 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ca04e1e58d6a21ec254582373c84dfcb
ssdeep 196608:NYUH8NO3ZNVHC59wQjnQhKqYfU2fzB9PC9QUQd/:lVi8OnQhTUB9PC9Qn
Threatray 44 similar samples on MalwareBazaar
TLSH 0FC65B90FDEB50F5EE03597048ABA23F673062099335CEC7C7449E62F957AD21A37229
Reporter JAMESWT_WT

Code Signing Certificate

Organisation:DigiCert High Assurance EV Root CA
Issuer:DigiCert High Assurance EV Root CA
Algorithm:sha1WithRSAEncryption
Valid from:Nov 10 00:00:00 2006 GMT
Valid to:Nov 10 00:00:00 2031 GMT
Serial number: 02AC5C266A0B409B8F0B79F2AE462577
Intelligence: 204 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm:SHA256
Thumbprint: 7431E5F4C3C1CE4690774F0B61E05440883BA9A01ED00BA6ABD7806ED3B118CF
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.BackDoor.Meterpreter.121.7797.9800.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Hacktool.PortListen
Create hunting rule
Status:
Malicious
First seen:
2020-06-12 00:18:00 UTC
File Type:
PE (Exe)
AV detection:
19 of 47 (40.43%)
Threat level:
  1/5
Verdict:
malicious
Similar samples:
188560c03f91098c43058a6afed5421527621e6586bfe3ffd7d1c9c89d8f5c6a
34c2eed8a266d3b5221bb51f0b5a59712b01d0b339a1db8f626688cb8fb81030
788eb685943b452608a07a44d75be4c5806f1374461596a6ad7cce5569fcf77e
86fce58f93e4087e261c52befbb872ddafeb8129008d5153c90084cd4a4a45d0
9f0c58f568c713eb2a7fc4836806a3e70bcdb41d05bfc75a1f815c64d856afde
b61cf35c2b6ac8352598a823529fc2b72df2d0811d6266fdaa57404798f271e2
b7db5b70b15ebac71e0aa8d7cb4e5f663171721b03157644cc2880a38337048a
c006abbb1bae333e5973f9c419bfd9c3c721698cf2cf3ffbd1048fdfb4de811b
cb1ffa5cd81d50702ee7296cd788a66fa8d5aa422e5cb4cdaca5a2ea4322141f
d5d368c9ba295ef4c36fe1e02452418d14f27512fe153c2f16f7384ca60b3db4
+ 34 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-hzkprqaqg6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe aee048b20edd9abb8eff89b51d3c20e4ae4bfb9df25ca920cb9348f4d98ec3db

(this sample)

  
Link
https://covid19quarantin.com/gost.exe
  
URLhaus
https://urlhaus.abuse.ch/url/388612/
  
Delivery method
Distributed via web download

Comments