MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5123e1fe20922f1e236abdc7aa90f98056ffef585bc4a2c1b93cfd2dd2736a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 3

SHA256 hash: f5123e1fe20922f1e236abdc7aa90f98056ffef585bc4a2c1b93cfd2dd2736a0
SHA3-384 hash: 6929eceb6e61543f41710c4ee7145c8050a21235ecc06af7940eb97988158eb742bcd99c00b1c8892494ba4073295671
SHA1 hash: e80d346835f582c1fe03f5cd000b678e72d05e4d
MD5 hash: 5d3530b723124e3de42b6bc04f4cd3ff
humanhash: zebra-uniform-emma-wolfram
File name: SecuriteInfo.com.Trojan.GenericKD.43379354.897.18957
File size: 3'174'744 bytes
First seen: 2020-06-25 10:52:24 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4ebbc8939566e26b8f289127d8755929
ssdeep: 24576:ICBvy8kdTSWCCHx0+pMQmCEr6unzF1eljClKncdlCi6/J9K84ie7wGZ:IAodTSSOyA6unzSl2ltIxShZ
Threatray: 74 similar samples on MalwareBazaar
TLSH: BDE5DFD1A846CEBED0A92175F3AC8F179061FE294F034A8A75541D217BF2D43E9A138F
Reporter: SecuriteInfoCom

Intelligence


File Origin
# of uploads: 1
# of downloads: 75
Origin country: n/a
Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour:
  Sending a custom TCP request
  Sending an HTTP GET request
  Creating a file
  Deleting a recently created file
  Creating a window
  Blocking the User Account Control
Threat name: Win32.Ransomware.Avaddon
Status: Malicious
First seen: 2020-06-23 12:42:57 UTC
AV detection: 25 of 31 (80.65%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: persistence evasion trojan ransomware
Behaviour:
  System policy modification
  Interacts with shadow copies
  Suspicious use of WriteProcessMemory
  Suspicious use of AdjustPrivilegeToken
  Suspicious behavior: EnumeratesProcesses
  Modifies service
  Drops desktop.ini file(s)
  Checks whether UAC is enabled
  Adds Run entry to start application
  Enumerates connected drives
  Looks up external IP address via web service
  Executes dropped EXE
  Deletes shadow copies
  UAC bypass

Please note that we are no longer able to provide a coverage score for Virus Total.
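Detection logic for three of the behaviours in the vendor list above (shadow copy deletion, a Run-key persistence entry, and reading or rewriting the UAC policy values), as an added example that is not MalwareBazaar's code and is not derived from this sample's execution. The events are constructed Sysmon-style process-creation records, and the command-line patterns (vssadmin/wmic shadow copy deletion, reg.exe writes under CurrentVersion\Run, reg.exe access to EnableLUA and related values under Policies\System) are the generic forms these behaviours take in telemetry; they are assumptions about how such behaviour usually appears, not what this binary is known to run.

```python
"""Flag ransomware-style behaviours in process-creation telemetry.

Added example; the events are constructed and the rules are generic
assumptions about how these behaviours appear, not facts about the
sample on this page.
"""
import re
from dataclasses import dataclass
from typing import Iterable

# Constructed Sysmon-style (Event ID 1) records: pid, image path, command line.
SAMPLE_EVENTS = [
    {"pid": 4100, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"pid": 4104, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic.exe shadowcopy delete"},
    {"pid": 4110, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg.exe add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" '
                r'/v update /t REG_SZ /d "C:\Users\Public\update.exe" /f'},
    {"pid": 4112, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg.exe query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA"},
    {"pid": 4114, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r"reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "
                r"/v EnableLUA /t REG_DWORD /d 0 /f"},
    # Benign look-alikes: listing shadows and writing an unrelated key must not fire.
    {"pid": 5000, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe List Shadows"},
    {"pid": 5002, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg.exe add "HKCU\Software\Contoso\Settings" /v Theme /t REG_SZ /d dark /f'},
]

# Values under HKLM\...\Policies\System that govern UAC behaviour.
UAC_VALUES = r"(EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"


@dataclass(frozen=True)
class Rule:
    name: str
    behaviour: str          # label as it appears in the vendor behaviour list
    pattern: re.Pattern


RULES = (
    Rule("vssadmin_delete_shadows", "Deletes shadow copies",
         re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    Rule("wmic_shadowcopy_delete", "Deletes shadow copies",
         re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    Rule("run_key_persistence", "Adds Run entry to start application",
         re.compile(r"\breg(\.exe)?\s+add\b.*\\CurrentVersion\\Run(Once)?\b", re.I)),
    Rule("uac_policy_query", "Checks whether UAC is enabled",
         re.compile(r"\breg(\.exe)?\s+query\b.*\\Policies\\System\b.*\b" + UAC_VALUES + r"\b", re.I)),
    Rule("uac_policy_write", "System policy modification",
         re.compile(r"\breg(\.exe)?\s+add\b.*\\Policies\\System\b.*\b" + UAC_VALUES + r"\b", re.I)),
)


def classify(events: Iterable[dict], rules=RULES) -> list[dict]:
    """Match each event's command line against every rule; one hit per match."""
    hits = []
    for ev in events:
        for rule in rules:
            if rule.pattern.search(ev["cmdline"]):
                hits.append({"pid": ev["pid"], "rule": rule.name, "behaviour": rule.behaviour})
    return hits


def summarize(hits: list[dict]) -> dict:
    """Roll hits up to behaviour level and derive a triage verdict.

    Shadow copy deletion is the strongest single precursor of encryption;
    together with a persistence entry it is treated as ransomware-like.
    """
    behaviours = sorted({h["behaviour"] for h in hits})
    shadow = "Deletes shadow copies" in behaviours
    persist = "Adds Run entry to start application" in behaviours
    if shadow and persist:
        verdict = "ransomware-like"
    elif hits:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"behaviours": behaviours, "shadow_copy_deletion": shadow,
            "persistence": persist, "verdict": verdict}


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for h in found:
        print(f"pid {h['pid']}: {h['rule']} -> {h['behaviour']}")
    print(summarize(found))
```

The two benign records are there on purpose: `vssadmin list shadows` and a `reg add` to an unrelated key are common in legitimate administration, so the rules key on the verb (`delete`, `add`) together with the target rather than on the binary name alone.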

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments