MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3670bfc1db6fb7223bb6b231ef4c3afd9d34de1d8f87b7a8e7a4cb27cfaa37d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA 4 File information Comments

SHA256 hash:	e3670bfc1db6fb7223bb6b231ef4c3afd9d34de1d8f87b7a8e7a4cb27cfaa37d
SHA3-384 hash:	14b3243de34f8bf9396ce4756f2bbe1c1189230fb280803d046827f13886cb8295f222f114995c4ff4b2879b6b2c7f2c
SHA1 hash:	02d3de3ac9bb72bddb487b5cf5376554b03039f0
MD5 hash:	925eef0d63e634c045f0d54077aa5449
humanhash:	fruit-green-may-gee
File name:	a4cd172c3838af171870263cb90e7f66
Download:	download sample
File size:	361'984 bytes
First seen:	2020-11-17 15:42:28 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	2d2b958ac64d0141c885839c73dd7d69
ssdeep	6144:4mSawdQzZzZVolqfm220xrvkqnGXOAOBWjHn:6awd0FZZfZrnIOAIW
TLSH	0474D021B6D5C472D03706B1A861CF612F3ABC3556B5C91B6B901FAF7E2534AEA31323
Reporter	seifreed

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Connection attempt to an infection source

Creating a file in the mass storage device

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e3670bfc1db6fb7223bb6b231ef4c3afd9d34de1d8f87b7a8e7a4cb27cfaa37d/

Threat name:

Win32.Trojan.Babar

Status:

Malicious

First seen:

2020-11-17 15:48:05 UTC

AV detection:

19 of 48 (39.58%)

Threat level:

5/5

Unpacked files

SH256 hash:

e3670bfc1db6fb7223bb6b231ef4c3afd9d34de1d8f87b7a8e7a4cb27cfaa37d

MD5 hash:

925eef0d63e634c045f0d54077aa5449

SHA1 hash:

02d3de3ac9bb72bddb487b5cf5376554b03039f0

Link:

https://www.unpac.me/results/cb4a64df-0f5d-46a0-8663-fa08c3b48837/

SH256 hash:

0a76dc8af7edb51684b1d5b3113ab4976b4215c7f76baf750a0d053b0bf8c214

MD5 hash:

ebd8b47b3bdd3c53275dc1be9640b92b

SHA1 hash:

bca5ddf0aed45288c1641c33345e2159fefa197f

Link:

https://www.unpac.me/results/cb4a64df-0f5d-46a0-8663-fa08c3b48837/

SH256 hash:

770bbe7510c195063ade3d05d1693b5046072ec52c724aa03bd37a525af8eb69

MD5 hash:

a6f3891ca8953a4db5291b5294c3788e

SHA1 hash:

7fa785f15c67bc35b471bf0fe3db883cbc41ce9d

Detections:

win_locky_g1

win_locky_auto

Link:

https://www.unpac.me/results/cb4a64df-0f5d-46a0-8663-fa08c3b48837/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Locky Create hunting rule
Author:	kevoreilly
Description:	Locky Payload

Rule name:	win_locky_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

Rule name:	win_locky_g0 Create hunting rule
Author:	mak

Rule name:	win_locky_g1 Create hunting rule
Author:	Slavo Greminger, SWITCH-CERT

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample