MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013
SHA3-384 hash: 1abd95387cbe282be94b74574b451fa26a00ea2c65e3324ca0e11016b6c254f1833c9ee99114c1b4df733611240ccb5a
SHA1 hash: f0c1327aa8e0193645b6b663a2dfc8851c93b42b
MD5 hash: fbd42b89bed3cb69b886761a8a65b41a
humanhash: fish-wisconsin-romeo-asparagus
File name:fbd42b89bed3cb69b886761a8a65b41a.exe
Download: download sample
File size:3'095'963 bytes
First seen:2022-03-18 11:45:24 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b90dd62ecc2a1bd703e267bb07d95990 (1 x FickerStealer, 1 x CryptBot, 1 x Amadey)
ssdeep 24576:GzzoSqszb1GspYABKaKLmxBkC3LjdGLP5ZWwxTBwSMzFhZdT08+73voCDlZ87Bdk:GztqsqtvDTqSMzP0845Db+TUIBFMKu
Threatray 18 similar samples on MalwareBazaar
TLSH T1B2E56D63B389613EC07B197A472BDB509C3FBB617912CC4B6BF4494C9F355406A3AA0B
File icon (PE):PE icon
dhash icon 818da080a0a08082 (5 x Urelas, 2 x RemcosRAT, 1 x DCRat)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
194
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/252572/
Detection(s):
PUA.Win.Adware.Dealply-6619259-0
Create hunting rule

PUA.Win.Adware.Dealply-6888374-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Creating a window
Searching for synchronization primitives
Delayed reading of the file
Sending a custom TCP request
DNS request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
cmd.exe control.exe dotnet.exe expand.exe fingerprint greyware keylogger overlay packed regasm.exe replace.exe rundll32.exe
Link:
https://www.filescan.io/uploads/62347110b94fb38cb4a2a58a/reports/751a2af9-d037-452c-9fae-440372df7614/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
BABADEDA Crypter
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/80690668-53d2-4a9a-a3e5-c34940bbd07f
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/959447
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013/
Threat name:
Win32.Trojan.Midie
Create hunting rule
Status:
Malicious
First seen:
2022-03-18 02:38:48 UTC
AV detection:
11 of 27 (40.74%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
15a23e5e766596dbc471b4e4afa49316c141a8ee981194c0508f73b0a7f2ccf0
6122924f2393d69b3d9c563736b33ca5182023d9d26c17edd34926ce1f844d7b
72cc7ecb49837771303a8f567a2b7dd2e7f5ad7790c5b3aa0011fb981106cb31
7c42542ebefa3aa55190c1a099b75215cded42548a2f11cccf435e9a75179cd1
86aab09b278fe8e538d8cecd28f2d7a32fe413724d5ee52e2815a3267a988595
a0ac775ecbfa0ab3218e32b09a0d4fdcd82e7ceaa31241dc106c4fc77e9b5ddb
bd8d1264a88d5cdd701a4ee909b70beaec39d216c988b33bfb30f25aee3540ee
bf72cee251615ca0af6b861fd4abf781b007249d3b0bc8612bcb37bac0d427f5
f47aa759b6985d82784847fe10c3062befa65bd18fb9224f4bb625317e6d717e
+ 8 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220318-nxcwkshgfr/
Unpacked files
SH256 hash:
37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013
MD5 hash:
fbd42b89bed3cb69b886761a8a65b41a
SHA1 hash:
f0c1327aa8e0193645b6b663a2dfc8851c93b42b
Link:
https://www.unpac.me/results/0a3688e9-62f3-438c-90ba-fe9e097fc356/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 37056d95d8a40efef2409cc81894bb294a063a51ab152401f4dab83817b11013

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2098950/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/252572/

Comments