MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df38a5d9d7d6c9cfea65eb562317f71bea94a0fc731e1fe9121f9479e56f61fd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


PlutoCrypt


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: df38a5d9d7d6c9cfea65eb562317f71bea94a0fc731e1fe9121f9479e56f61fd
SHA3-384 hash: d723f877366f10fd09917d7c6e8f79622defb21f463d1e3ef7bb545520a5eaf702c384d42c68cde340c75cfdd84b4371
SHA1 hash: 43c0a9613cc2f7de54d3aaaf70fcc1e0d3aab000
MD5 hash: 58fdcddfd4440c67eb5d27787c3ac80e
humanhash: nineteen-vegan-river-winner
File name:x.xml
Download: download sample
Signature PlutoCrypt
Create hunting rule
File size:9'936 bytes
First seen:2023-04-14 16:25:04 UTC
Last seen:Never
File type:unknown
MIME type:text/xml
ssdeep 192:dTLAeNQx3jrhnHc8quc8q1V3X1BKsjWh38RlNrNanQVKdqNwOt/YnDAAKOY+ofO7:Jw3jtcnucnXnjVG3P8mD1UolQ/kc+
TLSH T191221C132EE720D972B70B546BF9B8FB0957F8B0293DA1B82055554C8BB2AD1CC61F36
TrID 90.3% (.) Windows 7 Task Scheduler job (141000/1/20)
7.6% (.XML) Generic XML (UTF-16 LE) (12000/1)
1.2% (.TXT) Text - UTF-16 (LE) encoded (2000/1)
0.6% (.MP3) MP3 audio (1000/1)
Reporter 0xToxin
Tags:199-192-20-58 plutocrypt Ransomware

Intelligence

File Origin
# of uploads :
1
# of downloads :
376
Origin country :
IL IL
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.BZC.WBO.Pantera.3305.DBF3147B.16755.22269.UNOFFICIAL
Create hunting rule

Verdict:
No Threat
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/64397e9c8cbb8f4be303c788/reports/e3a7d4fd-66e2-4c27-8cf1-df3d31b8ad32/overview
Verdict:
Malicious
Labled as:
BZC.WBO.Pantera.3305.DCEF1358;BZC.WBO.Pantera.3305
Link:
https://www.hybrid-analysis.com/sample/df38a5d9d7d6c9cfea65eb562317f71bea94a0fc731e1fe9121f9479e56f61fd
Result
Verdict:
MALICIOUS
Details
Base64 Encoded Powershell Directives
Detected one or more base64 encoded Powershell directives.
Hidden Powershell
Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Empire PowerShell Request
Detected a base64 encoded Powershell HTTP request that is likely sourced from Empire.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/df38a5d9d7d6c9cfea65eb562317f71bea94a0fc731e1fe9121f9479e56f61fd/
Threat name:
Text.Trojan.Pantera
Create hunting rule
Status:
Malicious
First seen:
2023-04-06 15:18:51 UTC
File Type:
Text (XML)
AV detection:
4 of 37 (10.81%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=344klwox23e472tf5nlcgf7xdpvjjih4ompb72isd6khtzlpmh6q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
SNC
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/df38a5d9d7d6c9cfea65eb562317f71bea94a0fc731e1fe9121f9479e56f61fd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments