MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b0e71b1dee18e0fb08f5fe7d6de31a23c2dfc41ad26698634a82b15d2da75b67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: b0e71b1dee18e0fb08f5fe7d6de31a23c2dfc41ad26698634a82b15d2da75b67
SHA3-384 hash: 68dfba1da497ac1c71973340477d89de8d97843340a93ee1d248de933c75c0fdc2888848466163b2a20b80c1ed52c863
SHA1 hash: 6fafd10a586c7c152345e5ea80b9fc0660f6478d
MD5 hash: eac4456d96bdef96016747e66a7ab97a
humanhash: romeo-sixteen-mirror-montana
File name: gg.exe
File size: 11'506'569 bytes
First seen: 2021-04-14 07:19:27 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b28c641d753fb51b62a00fe6115070ae (1 x Sality)
ssdeep: 98304:5WL6UPI4CMbxdeZAhXhMnHXledIpm8K2tpUxLOKmeqv0D8xdIGZKAEzpB3rLsPm2:5W5PhdAAZiVqxJLWe20OIzpIUMSSr+2
Threatray: 14 similar samples on MalwareBazaar
TLSH: 30C67B40B7808127D8E501B491F5566B9E34ED73230227D376ACB0BD6BB92E5EA3D3C9
Reporter: r3dbU7z
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: gg.exe
Verdict: No threats detected
Analysis date: 2021-04-14 07:56:12 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean

Behaviour
Sending a UDP request
Connection attempt
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signature
Multi AV Scanner detection for submitted file
Potential time zone aware malware
Behaviour
Behavior Graph:
[Behavior graph, ID 386459. Sample: gg.exe. Start date: 14/04/2021. Architecture: WINDOWS. Score: 52. Processes: gg.exe started, conhost.exe started. DNS/IP: 54.212.20.151, 4444, 49706, AMAZON-02US, United States. Signatures: Multi AV Scanner detection for submitted file; Potential time zone aware malware.]
Result
Malware family: n/a
Score: 1/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Unpacked files
SHA256 hash: 4edd88905e478aac34adabc783a2f695644528f1d8e2426b1f4fa0bcfab03682
MD5 hash: b64a8677ad7fda3ef730ffc4533fd1f8
SHA1 hash: 521fbddbf5317c9eee221f072fc5564ceef1f8c6

SHA256 hash: b0e71b1dee18e0fb08f5fe7d6de31a23c2dfc41ad26698634a82b15d2da75b67
MD5 hash: eac4456d96bdef96016747e66a7ab97a
SHA1 hash: 6fafd10a586c7c152345e5ea80b9fc0660f6478d
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-04-15 12:38:32 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0059] Cryptography Micro-objective::Crypto Library
1) [C0019] Data Micro-objective::Check String
2) [C0060] Data Micro-objective::Compression Library
3) [C0026.001] Data Micro-objective::Base64::Encode Data
4) [B0023] Execution::Install Additional Program
5) [C0018] Process Micro-objective::Terminate Process