MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Signature: Sodinokibi
Vendor detections: 5


SHA256 hash: e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f
SHA3-384 hash: cab5603c2342155e4dd6fa2eb340d96ee0ca1c4fe1918d1c17b97d4ae46cd365915db9e4bb4cfc402541d1643697a7b7
SHA1 hash: 6316421e06a6000f9736696f3b0d1f08ac1134c7
MD5 hash: 6eb69acd2ac82be838c8b3d8910b0d70
humanhash: bravo-oven-beer-mike
File name: e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f
Signature: Sodinokibi
File size: 6'624'256 bytes
First seen: 2020-09-23 14:04:02 UTC
Last seen: 2020-09-23 19:00:41 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 167344a4df394fbba605fc972e41437a (shared with 4 x CobaltStrike, 1 x GoCryptoLocker, 1 x Sodinokibi samples)
ssdeep: 98304:O0ocX1uVfOpOdS6Ua6Jt95JO+APX1pG/OGqjB5bOf:X/X1uVfOpOdSVa6Jfx
Threatray: 5 similar samples on MalwareBazaar
TLSH: B0668D12FCAA24F5C6BEF13085A193227A7178A943303BD36F94997B1666FD47A3D304
Reporter: JAMESWT_WT
Tags: golang, Ironcat, Ransomware, REvil, Sodinokibi
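Two practical notes on the fields above. First, MalwareBazaar serves the sample as a ZIP protected with the password "infected"; verify the extracted file, not the archive. Second, the imphash is a weak pivot here: the entry itself shows the same value on CobaltStrike and GoCryptoLocker samples, and the sample is tagged golang. Go's linker emits an almost identical, very small import table for every Go program, so unrelated Go binaries routinely collide on imphash. The cryptographic digests are the values to trust. The script below is an added example, not MalwareBazaar's code; it recomputes the four digests listed above in one pass over the file, checks them (and the file size) against the entry, and exits non-zero on any mismatch. The filename verify_sample.py in the usage comment is hypothetical.

```python
import hashlib
import sys

# Reference digests copied from the MalwareBazaar entry above.
BAZAAR_ENTRY = {
    "md5": "6eb69acd2ac82be838c8b3d8910b0d70",
    "sha1": "6316421e06a6000f9736696f3b0d1f08ac1134c7",
    "sha256": "e453400f413b4ad2e996c28b7e72be2d42fc2a8d30e9c91a67a0e0e6915aff7f",
    "sha3_384": "cab5603c2342155e4dd6fa2eb340d96ee0ca1c4fe1918d1c17b97d4ae46cd365915db9e4bb4cfc402541d1643697a7b7",
}
EXPECTED_SIZE = 6624256  # the "File size" field above, in bytes


def digest_stream(chunks, algorithms=tuple(BAZAAR_ENTRY)):
    """Feed an iterable of byte chunks to every algorithm in a single pass.

    Returns (digests, total_size). Hashing once per file avoids reading a
    sample four times, which matters for samples much larger than 6.6 MB.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    for chunk in chunks:
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}, size


def file_hashes(data: bytes) -> dict:
    """Digests of an in-memory buffer (handy for tests and small inputs)."""
    return digest_stream([data])[0]


def mismatches(actual: dict, expected: dict) -> list:
    """Names of the algorithms whose digest differs from the reference.

    Comparison is case-insensitive because feeds and vendors differ in how
    they print hex. An empty list means every reference digest matched.
    """
    return [name for name, ref in expected.items()
            if actual.get(name, "").lower() != ref.lower()]


def verify_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks and compare it with the entry."""
    def chunks():
        with open(path, "rb") as fh:
            while block := fh.read(1 << 20):
                yield block

    digests, size = digest_stream(chunks())
    return {
        "digests": digests,
        "size_ok": size == EXPECTED_SIZE,
        "mismatched": mismatches(digests, BAZAAR_ENTRY),
    }


if __name__ == "__main__":
    # Usage (hypothetical filename): python verify_sample.py <extracted sample>
    report = verify_file(sys.argv[1])
    for name, value in report["digests"].items():
        print(f"{name:8} {value}")
    ok = report["size_ok"] and not report["mismatched"]
    print("MATCH" if ok else
          f"MISMATCH (size_ok={report['size_ok']}, differing={report['mismatched']})")
    sys.exit(0 if ok else 1)
```

A clean run prints the four digests followed by MATCH; any differing algorithm is named in the MISMATCH line, which is more useful than a bare boolean when a feed has a stale or mistyped digest for one algorithm only.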

Intelligence


File Origin
# of uploads: 2
# of downloads: 2'035
Origin country: n/a
Vendor Threat Intelligence

Result 1
Verdict: Clean
Maliciousness: n/a
Behaviour: Sending a UDP request

Result 2
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 52 / 100
Signatures: Found Tor onion address; Multi AV Scanner detection for submitted file
Behavior Graph (ID 289146, sample WQawEf11Fj, start date 23/09/2020, architecture WINDOWS, score 52): both signatures ("Multi AV Scanner detection for submitted file", "Found Tor onion address") are attached to the top-level sample; process tree: WQawEf11Fj.exe started, which in turn started conhost.exe.

Result 3
Threat name: Win64.Ransomware.Snatch
Status: Malicious
First seen: 2020-09-23 14:05:07 UTC
File Type: PE+ (Exe)
AV detection: 22 of 29 (75.86%)
Threat level: 5/5

Result 4
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour: JavaScript code in executable

Please note that we are no longer able to provide a coverage score for Virus Total.
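The family labels on this page do not agree (the Sodinokibi signature, one vendor's Win64.Ransomware.Snatch, and an Ironcat tag), so the one concrete, reproducible finding above is the sandbox signature "Found Tor onion address". The script below is an added example, not MalwareBazaar's or any vendor's code: it reproduces that signature statically by scanning the raw bytes of the extracted sample for v2 (16-character) and v3 (56-character) onion hostnames and reporting each with its file offset, so the string can be pulled into a report or a YARA rule. It deliberately does not require a word boundary in front of the address, because Go binaries (this sample is tagged golang) pack string literals back to back. The filename onion_scan.py in the usage comment is hypothetical.

```python
import sys

# Base32 alphabet used by onion hostnames (a-z, 2-7); upper case is folded first.
BASE32 = frozenset(b"abcdefghijklmnopqrstuvwxyz234567")
V2_LEN, V3_LEN = 16, 56  # hostname length before ".onion" for v2 and v3 services


def find_onion_addresses(data: bytes) -> list:
    """Return (offset, hostname, version) for each onion address in raw bytes.

    The scan anchors on ".onion" and walks backwards over base32 characters
    instead of requiring a word boundary in front of the address: Go packs
    string literals without NUL terminators, so the byte before a URL is
    often the tail of a neighbouring string. A run of exactly 56 characters
    is reported as v3; a run of at least 16 as v2, keeping only the last 16
    (anything earlier may belong to that neighbour). A 56-character run that
    is really a v2 address preceded by 40 base32-looking bytes is ambiguous
    and will be labelled v3; check such hits by hand.
    """
    lowered = data.lower()
    found = []
    idx = lowered.find(b".onion")
    while idx != -1:
        start = idx
        while start > 0 and lowered[start - 1] in BASE32 and idx - start < V3_LEN:
            start -= 1
        run = idx - start
        end = idx + len(b".onion")
        nxt = lowered[end:end + 1]
        # ".onionx" or ".onion123" is not a hostname suffix; skip those.
        if not (nxt and nxt.isalnum()):
            if run == V3_LEN:
                found.append((start, lowered[start:end].decode("ascii"), "v3"))
            elif run >= V2_LEN:
                found.append((idx - V2_LEN, lowered[idx - V2_LEN:end].decode("ascii"), "v2"))
        idx = lowered.find(b".onion", end)
    return found


def scan_file(path: str) -> list:
    """Scan a whole file; a 6.6 MB sample fits in memory comfortably."""
    with open(path, "rb") as fh:
        return find_onion_addresses(fh.read())


if __name__ == "__main__":
    # Usage (hypothetical filename): python onion_scan.py <extracted sample>
    for offset, host, version in scan_file(sys.argv[1]):
        print(f"0x{offset:08x}  {version}  {host}")
```

Offsets are file offsets, not virtual addresses; subtract the section's raw pointer and add its virtual address if you want to jump to the string in a disassembler.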

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments