MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0374ead74fa807fb1737d8829fdb5bad6c93779f6b9eb7162eddabff7a64acff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 5 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0374ead74fa807fb1737d8829fdb5bad6c93779f6b9eb7162eddabff7a64acff
SHA3-384 hash: 3cbf28ac58525535996f474cb47318907b15183af5b40883f5c3681e64a668df0a63aa9416d0bdef36bc7ef7b994e4c4
SHA1 hash: c86339a417c19fffedb85a8b0c757b526e59f942
MD5 hash: 469c251511f31030e5aef15e470eab7c
humanhash: fruit-six-fifteen-vegan
File name:469c251511f31030e5aef15e470eab7c
Download: download sample
File size:1'259'183 bytes
First seen:2021-09-20 13:56:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ddf7967f271d2def449d78bf72166fcb (1 x Metasploit, 1 x XWorm)
ssdeep 24576:e13gJnNiQQSA7Ph8/Kv9UWqPU5EDvLJPjraFLR5ROWBcIrEH7is:eWjrRKv9UTPjrkp7ts
Threatray 17 similar samples on MalwareBazaar
TLSH T1CB45E113BAD181F2F1420532543EA73BBE36B2186935CE87D3D45C685A632A1EA3F35D
File icon (PE):PE icon
dhash icon d292b0b2da36bcbe (11 x AsyncRAT, 7 x Metasploit, 6 x CoinMiner)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
469c251511f31030e5aef15e470eab7c
Verdict:
Malicious activity
Analysis date:
2021-09-20 13:58:50 UTC
Tags:
trojan floxif
Link:
https://app.any.run/tasks/03ce3275-64d1-42cd-b719-260b704b64b5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/189461/
Detection(s):
Win.Virus.Pioneer-9111434-0
Create hunting rule

MiscreantPunch.SingleXOR.EXE.197.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a window
Reading critical registry keys
Creating a file in the Program Files subdirectories
Moving a file to the Program Files subdirectory
Replacing executable files
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
DNS request
Connection attempt
Sending an HTTP GET request
Deleting a recently created file
Replacing files
Unauthorized injection to a system process
Infecting executable files
Malware family:
Floxif
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2c55deb6-be15-4235-a0c8-a850d4dd6f8b
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/854191
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Binary is likely a compiled AutoIt script file
Machine Learning detection for dropped file
Machine Learning detection for sample
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0374ead74fa807fb1737d8829fdb5bad6c93779f6b9eb7162eddabff7a64acff/
Threat name:
Win32.Virus.Floxif
Create hunting rule
Status:
Malicious
First seen:
2021-09-18 00:57:28 UTC
AV detection:
42 of 45 (93.33%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
23d67bc537f5cfd46de2cba9580f80cdfb06e85a57ad74d3da20ed1196528d1c
5c7477a9e188ca29be9a1fe3b6cb4e40140d079cc3d9a3cdd6dccf284db00d76
6b08c2df61f78ec6d59f2ea334fed35202e1c1e8a796f9709544bda5d30bc87f
76f7bf0fdd9b10a084a69aa6dd475426c1d335f7e0d26544af7cbed40e86a762
8e1d0291e0708d70f16cfe550b8c0e9b8d4e11b71a1d3fdd07e44f7505b12ef0
a7097d8faff9c2e6cec6799d715727ff40a14cddee4abd0377286d6adbb63fdd
c981d0b67e470060326e1daa78c090e5b76ed28f9a41f5fa8a4216c420b8dfb0
d6b1fd6f2a40416bebd7f6a2c5fef23e1fd677b7e2487ffa61cf626d3eb57841
e296665db7b0416f92848115e3b608a59a5e493413134a718c1f573494157f34
e96e3b77c603f413be1eb00e0ebba9223a104ac053606f3409a92eaead6f2fd3
+ 7 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  9/10
Tags:
persistence upx
Link:
https://tria.ge/reports/210920-q89e2aecc2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Drops file in Program Files directory
Enumerates connected drives
Loads dropped DLL
Modifies AppInit DLL entries
UPX packed file
ACProtect 1.3x - 1.4x DLL software
Unpacked files
SH256 hash:
0374ead74fa807fb1737d8829fdb5bad6c93779f6b9eb7162eddabff7a64acff
MD5 hash:
469c251511f31030e5aef15e470eab7c
SHA1 hash:
c86339a417c19fffedb85a8b0c757b526e59f942
Link:
https://www.unpac.me/results/ec1ea22d-2658-463a-8056-54e28393189d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0374ead74fa807fb1737d8829fdb5bad6c93779f6b9eb7162eddabff7a64acff

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_KB_CERT_7c1118cbbadc95da3752c46e47a27438
Create hunting rule
Author:ditekSHen
Description:Detects executables signed with stolen, revoked or invalid certificates
Rule name:MAL_Floxif_Generic
Create hunting rule
Author:Florian Roth
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:MAL_Floxif_Generic_RID2DCE
Create hunting rule
Author:Florian Roth
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:SUSP_Microsoft_Copyright_String_Anomaly_2
Create hunting rule
Author:Florian Roth
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:SUSP_Microsoft_Copyright_String_Anomaly_2_RID3720
Create hunting rule
Author:Florian Roth
Description:Detects Floxif Malware
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 0374ead74fa807fb1737d8829fdb5bad6c93779f6b9eb7162eddabff7a64acff

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1635742/
Cape
Cape
https://www.capesandbox.com/analysis/189461/

Comments


Avatar
zbet commented on 2021-09-20 13:56:36 UTC

url : hxxp://esetnode32-antiviru.ydns.eu/dwn.exe