MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0840f04d3b97ae3c5873249a3a2f6393be99c73b38bbafbb0c7e749d8cb9a9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


JobCrypter


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b0840f04d3b97ae3c5873249a3a2f6393be99c73b38bbafbb0c7e749d8cb9a9b
SHA3-384 hash: dc09b16917c5b7b82acf1c4e4036ad4d179cf8bfb91515daf9c2e48167e9397960d84c73856658f5e0fe63e2877ac011
SHA1 hash: aafa461e75167de03424f1fec735747da39ec31b
MD5 hash: ecc067775610688181f629bdb695933f
humanhash: social-winter-fillet-snake
File name:457714230.bin
Download: download sample
Signature JobCrypter
Create hunting rule
File size:599'040 bytes
First seen:2021-03-23 07:49:16 UTC
Last seen:2022-09-29 12:35:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'666 x AgentTesla, 19'479 x Formbook, 12'209 x SnakeKeylogger)
ssdeep 6144:tPalz+C7tPkue4ktFzYAt6vZiS4tYA5DJ7RVzmdwv4Etq:g7tMueZFz6ZiTttbRVCmv4Etq
Threatray 587 similar samples on MalwareBazaar
TLSH EAD4A32961794A40CE27D473BAD3C41682FD6D6362B18DE135C433BA0931A74FCA7B9B
Reporter JAMESWT_WT
Tags:exe Filecoder.ABC JobCrypter

Intelligence

File Origin
# of uploads :
3
# of downloads :
1'422
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b0840f04d3b97ae3c5873249a3a2f6393be99c73b38bbafbb0c7e749d8cb9a9b.exe
Verdict:
Malicious activity
Analysis date:
2021-02-10 08:13:16 UTC
Tags:
ransomware
Link:
https://app.any.run/tasks/393397cb-3017-4525-89f5-d73e6b9cb779

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/126445/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader34.9335.18384.11564.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Creating a file in the %AppData% directory
Using the Windows Management Instrumentation requests
DNS request
Sending a custom TCP request
Creating a file
Changing a file
Modifying an executable file
Enabling autorun by creating a file
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spre.spyw.evad
Score:
92 / 100
Link:
https://www.joesandbox.com/analysis/649502
Signature
.NET source code contains method to dynamically call methods (often used by packers)
Antivirus / Scanner detection for submitted sample
Drops script or batch files to the startup folder
Infects executable files (exe, dll, sys, html)
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Tries to harvest and steal browser information (history, passwords, etc)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b0840f04d3b97ae3c5873249a3a2f6393be99c73b38bbafbb0c7e749d8cb9a9b/
Threat name:
ByteCode-MSIL.Ransomware.FileCoder
Create hunting rule
Status:
Malicious
First seen:
2020-07-29 00:25:00 UTC
File Type:
PE (.Net Exe)
Extracted files:
13
AV detection:
21 of 28 (75.00%)
Threat level:
  5/5
Verdict:
malicious
Label(s):
masslogger
Create hunting rule
Similar samples:
0f5ed9c64792717b7c69940fc2e3db1a1b21515b506ab1de34da534012a5cac2
JobCrypter
1367648c61fa272ebb3baed76d9df6075a81338bb646e887f2cd4ba9dc374f59
JobCrypter
15c3cfbad0e3b0afe327e53605c463775ef2ae1d5c21b23928a2aa34b7e36719
JobCrypter
305d2dc35b0ce0040b0223e8fb187e04ac7c36e99ad620a7b824035183a2ccea
JobCrypter
34cbecb7d69d17b347da77599976058e0a02a9930a085d1a5b98505fdfb77a46
JobCrypter
354d3e283f994802a084678c53be397a4ea4d46d7e48487e6db6c46f6f91ffb9
JobCrypter
3aeac75dedb84f873b1982843de3adcf11d956f1645eb7a91625de0dd67f1f8a
JobCrypter
a2c3a1451cbc854d4b5929132eb96e9e34b2a1f3bedb490b26699381bb80eeee
JobCrypter
a84ff17c2a70d4953ce67e44cf6a3160feaf4a13d3bdad4aefe94810ef124c44
JobCrypter
d047df658498dd43b18f3adaa2775c42d1103a0c211eb52ff1e312c9f2784149
JobCrypter
+ 577 additional samples on MalwareBazaar
Result
Malware family:
ryuk
Create hunting rule
Score:
  10/10
Tags:
family:ryuk ransomware
Link:
https://tria.ge/reports/210323-cr95mqwm7n/
Behaviour
Suspicious use of AdjustPrivilegeToken
Drops startup file
Ryuk
Unpacked files
SH256 hash:
922c556a1e2b598444ffe777113e51089f1d495023ec1744a709ce303bbb7cdb
MD5 hash:
2d7cea98e8e2b30a08ad740e0aa4a71d
SHA1 hash:
0206a32d440b56bb636d047185afb95f23d13d6c
Link:
https://www.unpac.me/results/1c4bbfae-4570-44bc-bc08-6e98eb228e66/
SH256 hash:
b0840f04d3b97ae3c5873249a3a2f6393be99c73b38bbafbb0c7e749d8cb9a9b
MD5 hash:
ecc067775610688181f629bdb695933f
SHA1 hash:
aafa461e75167de03424f1fec735747da39ec31b
Link:
https://www.unpac.me/results/1c4bbfae-4570-44bc-bc08-6e98eb228e66/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.38
Link:
https://yomi.yoroi.company/submissions/b0840f04d3b97ae3c5873249a3a2f6393be99c73b38bbafbb0c7e749d8cb9a9b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/126445/

Comments