IOC Radar Logo
IOCRadar
IOC Radar Logo
IOCRadar

00d638139761ac1d8ec1d2aeb2dcb0d044f65d23af6e39bd6d41069b7b0c79f5

Hash
18%
SIGNAL STRENGTHSlightly Noisy
FIRST SEEN2025-03-26 02:43:15
LAST SEEN2025-04-26 16:54:11
CATEGORY
malware
region spesific attack(europe)
data leak - election data
operation system spesific attack(windows os)
win32 malware
MITRE
T1055 - Process Injection
T1486 - Data Encrypted for Impact
T1565 - Data Manipulation
T1071.001 - Web Protocol
T1499.002 - Endpoint DoS
T1499.003 - Network DoS
T1069.001 - Permission Groups Discovery
T1071 - Application Layer Protocol
T1021 - Remote Services
T1021.001 - Remote Services
TAGS
remote services
command and control
windows malware
credential theft
regional security
vulnerability management
malicious software
operating system
eu cyber policies
process injection
Eye Icon
SOCRadar
AI Insight

The presence of the SHA256 hash 00d638139761ac1d8ec1d2aeb2dcb0d044f65d23af6e39bd6d41069b7b0c79f5 is a critical indicator of potential malware infection, specifically linked to observed activity associated with the REvil ransomware (also known as Sodinokibi). This hash has been flagged by multiple threat intelligence feeds, including SOCRadar and AlienVault OTX, and exhibits a high threat score, indicating a high likelihood of malicious activity. The numerous related objects, including executable files and network indicators associated with Avast, Google Analytics, and various IP addresses, suggest a potential compromise involving injected or bundled malware designed to operate covertly, collect system information, and establish command and control, ultimately potentially leading to ransomware deployment and data exfiltration. Immediate investigation is warranted to prevent further propagation and mitigate potential damage.

Summary

Hash Type:
sha256
MD5:
-
SHA-1:
-
SHA-256:
-
Files:
microstub.exe
File Type:
exe

Top Classifications

Campaign:
-
Industry:
-
Country:
-
Region:
-
Threat Actors:
-
Malware:
-

Feed Sources

Feed Source
Count
Date
SOCRadar Threat Exchange Services
1
2025-04-26
AlienVault OTX Feeds
4
2025-04-26

Threat Activity Timeline

Last 24 hours
Dormant
Last 7 Days
Minimal Activity
Last Month
Minimal Activity
Last 3 Months
Minimal Activity
Extended Threat Intelligence
Free Trial

Stay ahead with proactive cyber threat warnings

Discover how SOCRadar's all-in-one platform can help protect your digital assets with extended threat intelligence, digital risk protection, and attack surface management.