MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ef2e98f3c0a438e1a6139c575a1d79bb45b824a5bdcb1ffab90e3d161cae73d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ef2e98f3c0a438e1a6139c575a1d79bb45b824a5bdcb1ffab90e3d161cae73d
SHA3-384 hash: 450731bc8d70a01a24675dbf135d4cfc4460608b8faebefd3ac0a5e2fd70793707b92e728db36fddaa7d9a11edf66e4d
SHA1 hash: 49c7164c419e8595d8bfdfe01f41a0e9284bcb4e
MD5 hash: d88a9c4b53c6370175efd3863bb978a4
humanhash: fruit-carbon-video-leopard
File name:SecuriteInfo.com.Variant.Fragtor.66683.27290.23120
Download: download sample
File size:110'592 bytes
First seen:2022-03-16 02:34:58 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4bf38f63d465d7c9d7bd8e0f45ec07d7
ssdeep 1536:x41pb8ioaUuT+UPiQMqPNHz7Ekxqk6WMR2kCyU3lAnwkOzNrd/w0BLq8HpQ6+uJc:Nu7TNiQMen1xqKwCTVEyzj/66FJt+
Threatray 23 similar samples on MalwareBazaar
TLSH T169B36B9112C7136FCA54F5B1D69D8A80C5CF6E22396ACFCB850D243EDC796A603BBC19
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
245
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Variant.Fragtor.66683.27290.23120
Verdict:
Suspicious activity
Analysis date:
2022-03-16 03:06:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/8b2b3061-f49f-4144-8802-f30da8520cf7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/251134/
Detection(s):
SecuriteInfo.com.Variant.Fragtor.66683.27290.23120.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/9386/overview
Behaviour
MalwareBazaar
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
shell32.dll
Link:
https://www.filescan.io/uploads/62314cd9b94fb38cb48a95b9/reports/c82607be-77e5-4191-aa53-302c8446aefd/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ec67f070-fc93-472b-a7f2-33f41ccf014e
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/957603
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 590084 Sample: SecuriteInfo.com.Variant.Fr... Startdate: 16/03/2022 Architecture: WINDOWS Score: 48 12 Multi AV Scanner detection for submitted file 2->12 6 SecuriteInfo.com.Variant.Fragtor.66683.27290.exe 2->6         started        process3 process4 8 WerFault.exe 23 9 6->8         started        10 WerFault.exe 6->10         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ef2e98f3c0a438e1a6139c575a1d79bb45b824a5bdcb1ffab90e3d161cae73d/
Threat name:
Win32.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2022-03-16 02:35:10 UTC
File Type:
PE (Exe)
AV detection:
12 of 42 (28.57%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
45fd025d4d7964439d08a932823955f802f0e3932bcc8ed7d5db13b565007e1e
4d11816de1a6429b0fa2f9754f7e51e45a6afb350ddd5b806974b629e8fc6fc3
9ac626aa27ed91a3d825388f32d02778a0486e8646fcd9a672c29f3ca6f09e56
9f6a8cf503fa963fca29cabcadab8cd6fb9dd99387a0a67fb81f9b15fe4ffd94
a9d56a970eec658eb67a023fe7b188a4275499d2acf9f91819ae95ffcbebbdad
bb20143e44d0b77b03c2649708028c7430e3ada3d7dd11474af8104856c5e9b6
eb3760a4e141a5124a475ade9acb42a90791e769250aa588d79958a4c2268985
eff47275909235fd5c99e70e2ff65d70c63faa9354808d2819547897ce481762
+ 13 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220316-c2187aghh3/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
3ef2e98f3c0a438e1a6139c575a1d79bb45b824a5bdcb1ffab90e3d161cae73d
MD5 hash:
d88a9c4b53c6370175efd3863bb978a4
SHA1 hash:
49c7164c419e8595d8bfdfe01f41a0e9284bcb4e
Link:
https://www.unpac.me/results/29e0d49e-1607-4565-9cdc-8598754bfdd9/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/3ef2e98f3c0a438e1a6139c575a1d79bb45b824a5bdcb1ffab90e3d161cae73d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/251134/

Comments