MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

REvil
Vendor detections: 2


SHA256 hash: ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4
SHA3-384 hash: 72e4b955f45be6b799f4f4892451ae7098f753265e8ce9c2d8792f06bfe7fe328f15326f96d7c9010052a27385d75b2b
SHA1 hash: 29f16c046a344e0d0adfea80d5d7958d6b6b8cfa
MD5 hash: 395249d3e6dae1caff6b5b2e1f75bacd
humanhash: comet-georgia-tango-alabama
File name: ea1872b2835128e3cb49a0bc27e4727ca33c4e6eba1e80422db19b505f965bc4.bin
Signature: REvil
File size: 105'232 bytes
First seen: 2021-06-28 22:27:45 UTC
Last seen: 2021-12-24 18:56:04 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 3072:db+XoBHfYu9gggwgggwgggwgggwggg9k+LoS:dpyvo
TLSH: 45A33CF7E57561ECC676B33625CFA8F7E07070B826F5240E6BC5294D23209890DA723A
telfhash: 14e0d80ec92d0bc845e95c25d90997d34093e1a5d439f706fbd9ccc4094d945f209c5f
Reporter: Arkbird_SOLG
Tags: elf Ransomware REvil

Intelligence

File Origin
# of uploads: 4
# of downloads: 459
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: UNKNOWN
Details: Base64 Encoded URL (detected an ANSI or UNICODE http:// or https:// base64-encoded URL prefix)

Threat name: Linux.Ransomware.Sodino
Status: Malicious
First seen: 2021-06-11 05:26:41 UTC
AV detection: 2 of 45 (4.44%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: linux
Behaviour:
Reads runtime system information
Reads CPU attributes

Please note that we are no longer able to provide a coverage score for VirusTotal.
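The "Base64 Encoded URL" detail above refers to a common triage heuristic: an http:// or https:// prefix that has been base64-encoded, either as plain ASCII ("ANSI") or as UTF-16LE ("UNICODE"), so that a plain string search for the URL fails. Because base64 encodes 3-byte groups, the same prefix has three different encoded forms depending on where it starts within a group, and the first and last encoded characters also depend on the neighbouring bytes, so a detector has to search for the stable middle fragments and re-align the surrounding base64 run to recover the URL. The following Python script is an added example of that technique written for this page; it is not MalwareBazaar code or any vendor's detection logic, and the byte buffer it scans is constructed here to resemble a binary with an embedded configuration, not bytes from this sample (the page does not record which URL the vendor detected).

```python
"""Find base64-encoded http:// and https:// prefixes (ASCII and UTF-16LE)
in a byte buffer and recover the URL behind each hit.

Added example written for this page; not MalwareBazaar code and not any
vendor's detection logic.
"""
import base64
import binascii
import re

B64_ALPHABET = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
B64_RUN = re.compile(rb"[A-Za-z0-9+/=]+")
# Conservative URL character class; decoding stops at the first char outside it.
URL_CHARS = re.compile(r"[A-Za-z0-9._~:/?#@!$&'()*+,;=%-]+")


def base64_prefix_variants(prefix: bytes) -> dict:
    """Map each alignment-specific base64 fragment of `prefix` to (offset, lead).

    Base64 encodes 3-byte groups, so the same bytes produce three different
    fragments depending on whether they start at offset 0, 1 or 2 of a group.
    `lead` counts leading encoded chars that also depend on the unknown bytes
    before the prefix; chars that depend on unknown bytes after it are dropped.
    """
    variants = {}
    for off in range(3):
        padded = b"\x00" * off + prefix              # dummy bytes stand in for the unknown ones
        enc = base64.b64encode(padded).decode("ascii").rstrip("=")
        full_chars = (len(padded) * 8) // 6          # chars determined solely by padded bytes
        lead = (0, 2, 3)[off]                        # chars contaminated by the dummy bytes
        variants[enc[:full_chars][lead:]] = (off, lead)
    return variants


def build_signatures() -> dict:
    """Fragments for http:// and https://, as ASCII ("ANSI") and UTF-16LE ("UNICODE")."""
    sigs = {}
    for scheme in ("http://", "https://"):
        for enc_name, raw in (("ascii", scheme.encode("ascii")),
                              ("utf-16le", scheme.encode("utf-16le"))):
            for frag, (off, lead) in base64_prefix_variants(raw).items():
                sigs[frag.encode("ascii")] = (off, lead, enc_name)
    return sigs


def _decode_hit(data: bytes, idx: int, off: int, lead: int, enc_name: str) -> str:
    """Re-align the base64 run around a hit and return the URL it encodes."""
    # The 4-char group holding the URL start begins `lead` chars before the hit.
    prefix = data[max(idx - lead, 0):idx]
    prefix = bytes(b if b in B64_ALPHABET else ord("A") for b in prefix)
    prefix = b"A" * (lead - len(prefix)) + prefix    # pad if the run starts mid-group
    chunk = prefix + B64_RUN.match(data, idx).group(0)
    chunk = chunk[: len(chunk) // 4 * 4]             # drop a trailing partial group
    try:
        raw = base64.b64decode(chunk)[off:]          # skip bytes that precede the URL
    except binascii.Error:
        return ""
    text = raw.decode("utf-16le" if enc_name == "utf-16le" else "latin-1", errors="replace")
    m = URL_CHARS.match(text)
    return m.group(0) if m else ""


def find_base64_urls(data: bytes) -> list:
    """Return sorted (offset, encoding, url) tuples, one per distinct hit."""
    hits = set()
    for frag, (off, lead, enc_name) in build_signatures().items():
        pos = data.find(frag)
        while pos != -1:
            url = _decode_hit(data, pos, off, lead, enc_name)
            if url:
                hits.add((pos - lead, enc_name, url))
            pos = data.find(frag, pos + 1)
    return sorted(hits)


# Constructed stand-in for a binary (not bytes from the real sample): an ELF-like
# header, a base64 blob whose URL starts at byte 4 of the plaintext (alignment 1),
# and a base64 blob of a UTF-16LE URL. example.invalid is a reserved test domain.
SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    + b"cfg=" + base64.b64encode(b"k=1;http://example.invalid/gate.php\x00extra") + b"\x00"
    + base64.b64encode("https://example.invalid/u16".encode("utf-16le")) + b"\x00"
)

if __name__ == "__main__":
    for offset, enc_name, url in find_base64_urls(SAMPLE):
        print(f"0x{offset:04x} {enc_name:8} {url}")
```

Running the script prints the offset, string encoding and recovered URL for each hit. The fragments it derives for ASCII http:// are the familiar aHR0cDovL, h0dHA6Ly and odHRwOi8v; the same derivation yields the UTF-16LE fragments, which is the alignment trick YARA's base64 and base64wide string modifiers perform for you when writing a rule for this behaviour.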

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments