MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3c02cff7aa1784336ec96fce16cac267c812ce98ab6a7497c8b7f8c44c54a1e9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3c02cff7aa1784336ec96fce16cac267c812ce98ab6a7497c8b7f8c44c54a1e9
SHA3-384 hash: dcf1daa78b1762c48a21bd140f0ddc5b5f9fc3829bd78b2e88221c483fb6792561cf006468c95f5527283a4427d2a147
SHA1 hash: 1b8d0e87436daf77a1babe3fc7d629dcddf37c62
MD5 hash: 70aa68c29622df360dea76daa4255835
humanhash: aspen-magazine-pennsylvania-beer
File name:FT.FATURA.EKFUHLWS+LUVPBC0DGZUWISOAPDK.msi
Download: download sample
File size:288'768 bytes
First seen:2021-02-03 14:51:43 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 3072:6lv9RaTnWU6ij4qpXqnnDibAJBVks+3D7YfAEz2L9rQn4J9+3Z5yOV2nf:4vza7WTqp4nwE43D7YfAEN
Threatray 21 similar samples on MalwareBazaar
TLSH 0F548D0636C5467BE9DF07336F4BC3A2DB76EC7581A280278299790E1CF5146E3636E2
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/115347/
Detection(s):
SecuriteInfo.com.Trojan-Spy.Agent.22897.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.JS.Obfus-1914.UNOFFICIAL
Create hunting rule

Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3c02cff7aa1784336ec96fce16cac267c812ce98ab6a7497c8b7f8c44c54a1e9/
Threat name:
Script.Downloader.BanLoad
Create hunting rule
Status:
Malicious
First seen:
2021-02-03 10:34:30 UTC
File Type:
Binary (Archive)
Extracted files:
51
AV detection:
13 of 29 (44.83%)
Threat level:
  3/5
Verdict:
malicious
Similar samples:
212301549b3dbfa54f2271e2b1a08b00017130ef63aa3efa4fd65f3d6cf20d5d
7417ed51775743c41da428a0bd486649ae808cfa45278ff566de373833023692
78a34d83fb67d111d3732b8aac4d217ee1b370ce00e458dd8dde8a0f17f71db3
9f0d3b49b6eea3eff22dce2838b10e8e3b03c45f31212f8d26ae31cd576f1104
acd0ae8b296ee3fd7d01547b5220877770538fb76144b237f81377e3241726b3
af4811889f865fa54c6d10f69d4dc68bf745db7dc00882ecbf93355ac9f2881f
b171d7cebed4d9ba4e5a119286ad18d0a6460155dd2be2af522739f0549ca0c8
bbf1cebce86dde95f8a66414a1106ae2494b57c7b3d36d6df16b8ddef74e6346
d663f2c1a5075b43cc2706d58ae98dbb4b1ab168d5c99b43d5cb0b80e18937cf
f7be1623b907e2cc0475ac788eed965320bffc3ab084f74e249de9c46ecc5615
+ 11 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
bootkit macro persistence ransomware xlm
Link:
https://tria.ge/reports/210203-rq5ycqk3ea/
Behaviour
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Windows directory
Drops file in System32 directory
Enumerates physical storage devices
Adds Run key to start application
Enumerates connected drives
Looks up external IP address via web service
Writes to the Master Boot Record (MBR)
Drops startup file
Loads dropped DLL
Blocklisted process makes network request
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3c02cff7aa1784336ec96fce16cac267c812ce98ab6a7497c8b7f8c44c54a1e9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/115347/

Comments