MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Nokoyawa


Vendor detections: 10



SHA256 hash: e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4
SHA3-384 hash: d452fe7614e28b8be3b2989c1aea1362cccae8ded102f5e8446971544d50ab66303cfc1897e734ed47a252b74d4ed86e
SHA1 hash: 32c2ecf9703aec725034ab4a8a4c7b2944c1f0b7
MD5 hash: 2e936942613b9ef1a90b5216ef830fbf
humanhash: kilo-oven-maryland-october
File name: e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4
Signature: Nokoyawa
File size: 38'912 bytes
First seen: 2022-03-11 23:05:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6787f57bc9873a02ce38d5daed45ad43 (2 x Nokoyawa)
ssdeep: 768:tMs3yBEgMYosM5Ar/xY6Xc4FSimT3oDz/KVA5k1q:edB5bM5Ar/S6Xc4FnmT3oDz/KV
Threatray: 1 similar samples on MalwareBazaar
TLSH: T1D30350C7C65AAAF0E4BADB3E1255532BBA3530E68730E38383111D131AE36B9517D3D9
Reporter: Arkbird_SOLG
Tags: exe nokoyawa Ransomware

Intelligence


File Origin
# of uploads: 1
# of downloads: 434
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Creating a file
Changing a file
Replacing files
Modifying an executable file
Encrypting user's files
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
MalwareBazaar
CallSleep
CheckNumberOfProcessor
CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: crypren filecoder ransomware wacatac
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Generic Malware
Verdict: Malicious
Result
Threat name: NOKOYAWA
Detection: malicious
Classification: rans
Score: 72 / 100
Signature
Antivirus / Scanner detection for submitted sample
Found ransom note / readme
Multi AV Scanner detection for submitted file
Yara detected NOKOYAWA Ransomware
Threat name: Win64.Ransomware.Nokoyawa
Status: Malicious
First seen: 2022-02-13 03:40:04 UTC
File Type: PE+ (Exe)
AV detection: 21 of 27 (77.78%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: ransomware
Behaviour
Drops desktop.ini file(s)
Enumerates connected drives
Modifies extensions of user files
Unpacked files
SHA256 hash: e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4
MD5 hash: 2e936942613b9ef1a90b5216ef830fbf
SHA1 hash: 32c2ecf9703aec725034ab4a8a4c7b2944c1f0b7
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
