YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 7ab85fa989018728529674292a2c2b75b9dd3530de577fd0ed72f1f42bd092ff.

SHA256 hash:	7ab85fa989018728529674292a2c2b75b9dd3530de577fd0ed72f1f42bd092ff
File size:	32'915'456 bytes
File download:	Original
MIME type:	application/octet-stream
MD5 hash:	3caf81cac96da7b2a2764f33ad01ba72
SHA1 hash:	63e7362f193b300fe53e63aacbb949af0f416a7c
SHA3-384 hash:	31aff5e151d18ff925a5059b53cf2f06ba2a85d49d3baae8401682332ea88030d148e83ef5d497001257845d1f675a95
First seen:	2023-01-25 09:33:17 UTC
Last seen:	Never
Sightings:	1
imphash :	n/a
ssdeep :	393216:9f7aZZIDjlXOwzG56TTQaoZwzmZ6znk6cptW+RqD3cvEc9DDJ6b6kSMzNT55QBQc:
TLSH :	T16B77001459FB518BA3E3E9711FDCA97E8A8AA163800C35761004E32B7B5DE74DA4FB34 Create hunting rule
telfhash :	n/a
gimphash :	n/a
dhash icon :	n/a

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

The file matched the following open source and commercial ClamAV rules.

No matches

The following YARA rules matched on the file (static analysis).

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address
TLP:	TLP:WHITE
Repository:	MalwareBazaar

Rule name:	SUSP_Double_Base64_Encoded_Executable Create hunting rule
Author:	Florian Roth
Description:	Detects an executable that has been encoded with base64 twice
Reference:	https://twitter.com/TweeterCyber/status/1189073238803877889
TLP:	TLP:WHITE
Repository:	Neo23x0

Rule name:	SUSP_Double_Base64_Encoded_Executable_RID34CC Create hunting rule
Author:	Florian Roth
Description:	Detects an executable that has been encoded with base64 twice
Reference:	https://twitter.com/TweeterCyber/status/1189073238803877889
TLP:	TLP:WHITE

The following YARA rules matched on the unpacked file.

Disabled by submitter

The following files could be unpacked from this sample.

Disabled by submitter

2023-01-25 09:33:17 UTC Static: 3 Unpacker: 0 ClamAV: 0