MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0
SHA3-384 hash: 2441d2ad464d42bc9da7d81b9065c7eae456786a97992c8272c6547e7bf1b309cf73fd89c59583734fb51e52cdf2755f
SHA1 hash: be2efdb890ca2c64257d5c21ec5deec424b56918
MD5 hash: cd2a3b9f84a8d62a497fb71ccaee7f87
humanhash: august-idaho-july-coffee
File name:b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0.bin
Download: download sample
File size:46'361 bytes
First seen:2021-01-03 21:13:18 UTC
Last seen:2021-01-03 22:37:46 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash ae7ff082811cc0c88f1d3b193304b15b
ssdeep 768:EM8CgWE50hlgMI4dyPP3lLuzZPKqQKE1PgMBMuUN9b:/jZhlrdyPP3lLuBZQK6PgMBMTN9b
Threatray 3 similar samples on MalwareBazaar
TLSH 0E233C9A7A044CEBE671933D80EBC77A173DF5419A239B53FB24AB344B1379170982C6
Reporter Arkbird_SOLG
Tags:Ransomware

Intelligence

File Origin
# of uploads :
2
# of downloads :
212
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0.exe
Verdict:
Malicious activity
Analysis date:
2021-01-03 21:13:57 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d0085b53-e8c7-4dd0-8152-86a4f20ae3ee

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/110355/
Detection(s):
SecuriteInfo.com.Trojan.KillFiles.65330.13339.31640.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file in the Program Files subdirectories
Creating a file
Creating a file in the %temp% directory
Creating a file in the %AppData% subdirectories
Deleting a system file
Sending a UDP request
Creating a window
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/573120
Signature
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0/
Threat name:
Win32.Ransomware.FileCryptor
Create hunting rule
Status:
Malicious
First seen:
2021-01-01 07:34:00 UTC
AV detection:
12 of 29 (41.38%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
08e34fc9a01f4fd9017b61612d5eac56f1a28945c48d40908da62e430ac9a7d0
54cc3426c8ad3f2d39543a8157843620af7108ea419589cc6755e77a31b96047
a739910a18c1ded77bca7f33c0ff47bf2ef0c049bf0d53d2f7c045d25659581b
Result
Malware family:
n/a
Score:
  8/10
Tags:
spyware
Link:
https://tria.ge/reports/210103-t7c1mjkw1s/
Behaviour
Drops file in Program Files directory
Drops file in Windows directory
Drops file in System32 directory
Reads user/profile data of web browsers
Drops file in Drivers directory
Unpacked files
SH256 hash:
b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0
MD5 hash:
cd2a3b9f84a8d62a497fb71ccaee7f87
SHA1 hash:
be2efdb890ca2c64257d5c21ec5deec424b56918
Link:
https://www.unpac.me/results/d0c5a247-6dd4-466b-bc65-ed7612806e4a/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Killfiles
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b425fcfcab98d57a198166faa21768b84e6ab8c75d3864375eed40ca4162fdc0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/110355/

Comments


Avatar
BlackAngel commented on 2021-01-03 21:21:16 UTC

Seems be educative exercise (!@#$%^&*)