MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0d8119f01d727beacbe6fe877541b3c11b084ffdc53c8bae436aca3dbc197076. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Lazarus


Vendor detections: 9


Intelligence 9 IOCs YARA 7 File information Comments

SHA256 hash: 0d8119f01d727beacbe6fe877541b3c11b084ffdc53c8bae436aca3dbc197076
SHA3-384 hash: 08dbf6e72104cf237854cb1462c0b7e1a285cece2db32abcdb40ecbe66137565c6585496b3cf0d8b894ca7cf3a965666
SHA1 hash: 48e75d6e2bdb2b00ecbf4801a98f96732e397858
MD5 hash: f677620a092f4b8d46e43d0b0b62c89d
humanhash: nine-batman-louisiana-louisiana
File name:FCCCall.exe
Download: download sample
Signature Lazarus
File size:226'816 bytes
First seen:2024-09-18 19:47:47 UTC
Last seen:2024-10-10 16:17:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 6917d8cf4c91aef5213a1fc72e0a4bbc (1 x Lazarus)
ssdeep 3072:tXrhqQJhy8mQnQeqZ0kLnwKmldP9VCgs83:t7hDJhy8mQnQLZ02wKml1b3
TLSH T14F24595E221702E5E169C23FC64D0A41D37EBC2A8322E7EF0535781E1EF76E06E79549
TrID 48.7% (.EXE) Win64 Executable (generic) (10523/12/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
File icon (PE):PE icon
dhash icon a2d4cde8b249ccb2 (1 x Lazarus)
Reporter smica83
Tags:95-164-17-24 apt exe Lazarus

Intelligence


File Origin
# of uploads :
2
# of downloads :
522
Origin country :
HU HU
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
FCCCall.exe
Verdict:
No threats detected
Analysis date:
2024-09-18 19:59:17 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm crypto lolbin microsoft_visual_cc packed shell32
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Signature
AI detected suspicious sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Threat name:
Win64.Trojan.Generic
Status:
Suspicious
First seen:
2024-09-18 19:48:05 UTC
File Type:
PE+ (Exe)
Extracted files:
12
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Unpacked files
SH256 hash:
0d8119f01d727beacbe6fe877541b3c11b084ffdc53c8bae436aca3dbc197076
MD5 hash:
f677620a092f4b8d46e43d0b0b62c89d
SHA1 hash:
48e75d6e2bdb2b00ecbf4801a98f96732e397858
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Detect_APT29_WINELOADER_Backdoor
Author:daniyyell
Description:Detects APT29's WINELOADER backdoor variant used in phishing campaigns, this rule also detect bad pdf,shtml,htm and vbs or maybe more depends
Reference:https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties
Rule name:INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs
Author:ditekSHen
Description:Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Rule name:pe_detect_tls_callbacks
Rule name:RANSOMWARE
Author:ToroGuitar

File information


The table below shows additional information about this malware sample such as delivery method and external references.

BLint


The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high
Reviews
IDCapabilitiesEvidence
DP_APIUses DP APICRYPT32.dll::CryptUnprotectData
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::GetStartupInfoW
KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_APICan Execute other programsapi-ms-win-crt-runtime-l1-1-0.dll::_get_narrow_winmain_command_line

Comments