MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 7 File information Comments

SHA256 hash:	0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd
SHA3-384 hash:	60e93f84a5b4719ffe14ee2999a00c04ab3b5a95f6f61ba636bbcb2072a5ea84ec2b735521c7925f39725ad30cc021db
SHA1 hash:	18a2ee2fcd433f0fe27e0b6fc13bdfc890fc637b
MD5 hash:	ed60b3913e6694f4a0ed2fe25551bd1f
humanhash:	connecticut-pluto-whiskey-monkey
File name:	0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd
Download:	download sample
File size:	233'472 bytes
First seen:	2024-10-10 16:11:12 UTC
Last seen:	2024-10-10 16:54:58 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	928c951361d3a2211d9106bde4a3a971
ssdeep	3072:uXBxyWHmRNs2AoYObdeqZ0kLnPgK8+dP9VCgs83:ur/mRm2AoYCLZ02YK8+1b3
Threatray	2 similar samples on MalwareBazaar
TLSH	T15F346B5E221B52E1E0A9C23FC24D0642E37EBC168722D7EF05357D2E1EF76912E79249
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
File icon (PE):
dhash icon	a2d4cde8b249ccb2 (1 x Lazarus)
Reporter	JAMESWT_WT
Tags:	185-235-241-208 exe

Intelligence

File Origin

# of uploads :

# of downloads :

168

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

FCCCall.exe

Verdict:

No threats detected

Analysis date:

2024-08-10 21:53:36 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8bad8390-5d53-41ca-83f5-f6e7b16f710f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.25555.16738.UNOFFICIAL

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6707fcd8ab31793a7b2157cb

Tags:

Stealer Agent

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-vm crypto lolbin microsoft_visual_cc packed shell32

Link:

https://www.filescan.io/uploads/6707fcd588204e432568cb88/reports/9d42a7c8-93e7-42ec-b6ae-6839e3f6e6f5/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd

Malware family:

Lazarus

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/3c6762a3-e06a-4124-8882-021b32eae9e1

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1530951

Signature

AI detected suspicious sample

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

92%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd/

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2024-08-02 21:03:29 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

20 of 38 (52.63%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ayq5g6ayynpckv753ctstziouzrluumn7dfgdjcmyow5lrw6wpgq._file

Verdict:

malicious

Label(s):

beavertail

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/241010-tnhclazclp/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/4ee4c6b7-5f58-4a3d-8321-6177e3f648d4

Unpacked files

SH256 hash:

0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd

MD5 hash:

ed60b3913e6694f4a0ed2fe25551bd1f

SHA1 hash:

18a2ee2fcd433f0fe27e0b6fc13bdfc890fc637b

Detections:

INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs

Link:

https://www.unpac.me/results/5a2bb3b5-8cac-455d-82de-ff4533540690/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/0621d37818c35e2557fdd8a729e50ea662ba518df8ca61a44cc3add5c6deb3cd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs Create hunting rule
Author:	ditekSHen
Description:	Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Rule name:	Macos_Infostealer_Wallets_8e469ea0 Create hunting rule
Author:	Elastic Security

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Reviews

ID	Capabilities	Evidence
DP_API	Uses DP API	CRYPT32.dll::CryptUnprotectData
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_API	Can Execute other programs	api-ms-win-crt-runtime-l1-1-0.dll::_get_narrow_winmain_command_line

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample