MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f4a39820dbff47fa1b68f83f575bc98ed33858b02341c5c0464a49be4e6c76d3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Hive

Vendor detections: 10


SHA256 hash: f4a39820dbff47fa1b68f83f575bc98ed33858b02341c5c0464a49be4e6c76d3
SHA3-384 hash: 723234165eb662cc060fcdaf72fbad6d5823545351dcebe15df8e2b149d8295ede7bbbc7a16c1b184cec71297bcf972e
SHA1 hash: cedb0c1dcb83aacd19a6bec04f7f1c4d875034c0
MD5 hash: 036539c87a839b419424c8d535252185
humanhash: lamp-zulu-indigo-london
File name: f4a39820dbff47fa1b68f83f575bc98ed33858b02341c5c0464a49be4e6c76d3.bin
Signature: Hive
File size: 443'400 bytes
First seen: 2022-04-24 18:00:53 UTC
Last seen: 2022-04-24 18:37:15 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: a9d048605f07f7f9f42b35afedade3f7 (2 x Hive)
ssdeep: 6144:NuzIkO/bkS1+0EdYi+91xzrM68PS5OWGM/gRDfr33S8SF+4vMRZp:NuzIf/bX+0EdYfHzmSgC8SkfZp
Threatray: 14 similar samples on MalwareBazaar
TLSH: T14E944A43F6A250ACC06AC0788357A633F9727C0D46357AAB6BE0FE312F65B50A72D715
TrID: 43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      27.6% (.EXE) Win64 Executable (generic) (10523/12/4)
      13.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
      5.3% (.EXE) OS/2 Executable (generic) (2029/13)
      5.2% (.EXE) Generic Win/DOS Executable (2002/3)
Reporter: Arkbird_SOLG
Tags: exe Hive Ransomware signed

Code Signing Certificate

Organisation: Casta, s.r.o.
Issuer: Sectigo Public Code Signing CA R36
Algorithm: sha384WithRSAEncryption
Valid from: 2022-03-15T00:00:00Z
Valid to: 2023-03-15T23:59:59Z
Serial number: e9268ed63a7d7e9dfd40a664ddfbaf18
MalwareBazaar Blocklist: This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm: SHA256
Thumbprint: 0767b9ab857b8e24282b80a7368323689a842e6c8b5a00a4f965c03e375e8b0d
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
# of uploads: 2
# of downloads: 492
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:

Behaviour
Searching for the window
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug expand.exe filecoder overlay packed ransomware

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: [behaviour graph image; recoverable details: Behavior Graph ID 614596, sample T8yxcflgzw.bin, start date 24/04/2022, architecture WINDOWS, score 48; signature "Multi AV Scanner detection for submitted file"; process tree: T8yxcflgzw.exe started, which in turn started conhost.exe]
Threat name: Win64.Ransomware.Hive
Status: Malicious
First seen: 2022-04-21 22:06:27 UTC
File Type: PE+ (Exe)
AV detection: 23 of 42 (54.76%)
Threat level: 5/5

Result
Malware family:
Score: 10/10
Tags: family:hive

Unpacked files
SHA256 hash: f4a39820dbff47fa1b68f83f575bc98ed33858b02341c5c0464a49be4e6c76d3
MD5 hash: 036539c87a839b419424c8d535252185
SHA1 hash: cedb0c1dcb83aacd19a6bec04f7f1c4d875034c0
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: pdb2

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments