MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9
SHA3-384 hash: ab87dec5346a7644830435ae613e812806b425b8ee4d42d168f6b29c460fae3f86d8bdb0333d9ab2f4ba9ef4cf18e44f
SHA1 hash: 26de43cc558a4e0e60eddd4dc9321bcb5a0a181c
MD5 hash: cfdd16225e67471f5ef54cab9b3a5558
humanhash: timing-vegan-rugby-burger
File name:iec56w4ibovnb4wc.onion_Library__OlympicDestroyer__OlympicDestroyer.bin.malw
Download: download sample
File size:1'861'632 bytes
First seen:2020-03-18 22:32:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 975087e9286238a80895b195efb3968d
ssdeep 49152:R9dnjRSnRMWHrVDoqNcVhcAwARGcWRrLy3pNq:3dVSRMUrVDEVHLRGdRrLy5N
Threatray 21 similar samples on MalwareBazaar
TLSH 8E8523257BC0C4B2EAB3147108B8EB7499BDB6310B7461DB77911B7E0F741C1253AAAB
Reporter ov3rflow1
Tags:malw

Intelligence

File Origin
# of uploads :
1
# of downloads :
163
Origin country :
n/a
Vendor Threat Intelligence
Detection:
mimikatz
Create hunting rule
Link:
https://www.capesandbox.com/analysis/4069/
Detection(s):
Win.Trojan.OlympicDestroyer-6446992-0
Create hunting rule

Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad.spre.rans.spyw.troj.
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/19030
Behaviour
Behavior Graph:
n/a
Gathering data
Threat name:
Win32.Trojan.Olympicdestroyer
Create hunting rule
Status:
Malicious
First seen:
2018-02-09 22:10:40 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
45 of 48 (93.75%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
28858cc6e05225f7d156d1c6a21ed11188777fa0a752cb7b56038d79a88627cc
3afe4dd1466eb99bc7ab905a2363173dc043f9060982c49b6f5da73293f7d6ed
3e27b6b287f0b9f7e85bfe18901d961110ae969d58b44af15b1d75be749022c2
65c86813da2eb5bfc495e538fa4e77f8c3a3c03418e655ac8262bc0aa42281ba
693626ad4ce750ecb027980dfb505ca69872923702dfe564e0adcb651e8c60d9
c6d5e1fdae2634a3a2a29a8c5de69f725ebceefba86d3700bc922aac7f55a1f7
cb663a4fa79cb0fcb52c3049b65b1a012c45e72badc13c931fc2c72a8a94dcca
e392bcf79759484012a84eb240198d63c45af3480eff1e28aed7cc102069b63a
eecf5fa7aabf91128e8b3d5a6b6541ccc4e379c18cfe1d35f2473740a192e8d1
eee468bff615adfd8c7b6afc3dc8d064e5076e6175e7d28e233983e08a0a4426
+ 11 additional samples on MalwareBazaar
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Unknown
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/edb1ff2521fb4bf748111f92786d260d40407a2e8463dcd24bb09f908ee13eb9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/4069/
Cape
Cape
https://www.capesandbox.com/analysis/4066/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::ConvertSidToStringSidW
ADVAPI32.dll::CopySid
ADVAPI32.dll::GetLengthSid
ADVAPI32.dll::IsValidSid
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
ole32.dll::CoInitializeSecurity
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::GetTokenInformation
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateRemoteThread
KERNEL32.dll::CreateProcessW
KERNEL32.dll::CreateProcessA
ADVAPI32.dll::OpenProcessToken
KERNEL32.dll::VirtualAllocEx
KERNEL32.dll::WriteProcessMemory
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW
KERNEL32.dll::GetCommandLineA
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleCP
KERNEL32.dll::GetConsoleMode
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileA
KERNEL32.dll::CreateFileA
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::GetWindowsDirectoryW
KERNEL32.dll::GetFileAttributesA
WIN_BASE_USER_APIRetrieves Account InformationKERNEL32.dll::GetComputerNameA
ADVAPI32.dll::LogonUserA
ADVAPI32.dll::LookupAccountSidW
ADVAPI32.dll::LookupPrivilegeNameW
ADVAPI32.dll::LookupPrivilegeValueW
WIN_CRED_APICan Manipute Windows Credentialscredui.dll::CredUIParseUserNameW
WIN_CRYPT_APIUses Windows Crypt APIADVAPI32.dll::CryptAcquireContextW
ADVAPI32.dll::CryptGenRandom
WIN_SOCK_APIUses Network to send and receive dataWS2_32.dll::FreeAddrInfoW
WS2_32.dll::GetAddrInfoW

Comments