MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c3fe692a41411694e7bf89729008d344351da7961755f0d7ba9c58249b37aa1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 0c3fe692a41411694e7bf89729008d344351da7961755f0d7ba9c58249b37aa1
SHA3-384 hash: afa944a0da14c5a42ccdda7fad30769ba1fa444dc8cb62f9a95bbe03752917babf5281a80cca243b1a0a28b0bdb0aed3
SHA1 hash: c0056d82096d9922ad6ffc7f8c7c28eece89f24a
MD5 hash: e9a6cf8b9db68aa6fcc88639b2a4ea49
humanhash: mobile-skylark-winter-purple
File name: 0c3fe692a41411694e7bf89729008d344351da7961755f0d7ba9c58249b37aa1
File size: 695'430 bytes
First seen: 2021-05-09 10:38:28 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9165ea3e914e03bda3346f13edbd6ccd (3 x ValleyRAT, 2 x QuasarRAT, 1 x Redosdru)
ssdeep: 12288:4hm73Z9T0o1/wRShyQ9QHl2d6HGtz5cdI/dgjtkw549gJLuz5aB9Dwet/J:4hWJj/mShtu00GKjt9Bu1aBdwet/J
Threatray: 82 similar samples on MalwareBazaar
TLSH: BBE4121FA4344AB5F1BE5834B38A9F65CF397653B63856174A432F012EE0274CE9F18A
Reporter: starsSk87264403
Tags: AntiAV exe flystudio KILLAV

Intelligence


File Origin
# of uploads: 1
# of downloads: 170
Origin country: n/a

Vendor Threat Intelligence
Result
Verdict: Clean
Maliciousness:
Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Sending a UDP request

Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file

Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2021-05-01 01:20:35 UTC
AV detection: 24 of 29 (82.76%)
Threat level: 1/5

Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of SetWindowsHookEx
Loads dropped DLL

Unpacked files
SHA256 hash: 4bed8a6e4e1548fddee40927b438132b47ef2aca6e9beb06b89fcf7714726310
MD5 hash: 1eece63319e7c5f6718562129b1572f1
SHA1 hash: 089ea3a605639eb1292f6a2a9720f0b2801b0b6e

SHA256 hash: 0c3fe692a41411694e7bf89729008d344351da7961755f0d7ba9c58249b37aa1
MD5 hash: e9a6cf8b9db68aa6fcc88639b2a4ea49
SHA1 hash: c0056d82096d9922ad6ffc7f8c7c28eece89f24a

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments



a̵c̵c̸i̵d̷e̵n̷t̴a̷l̴r̵e̷b̸e̴l̸ commented on 2021-05-09 10:59:31 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [C0026.002] Data Micro-objective::XOR::Encode Data
2) [C0046] File System Micro-objective::Create Directory
3) [C0051] File System Micro-objective::Read File
4) [C0052] File System Micro-objective::Writes File
5) [C0018] Process Micro-objective::Terminate Process