MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fcfdfcf1b6e70b28e91b0f0899bd4a745265c9f0ed1963249aa9b2dab14bd68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3fcfdfcf1b6e70b28e91b0f0899bd4a745265c9f0ed1963249aa9b2dab14bd68
SHA3-384 hash: 4bf0e461dba482bc4d223b8f34385982dff841385d2858ff1659b862342bdc74372bff09fbbbfe708640492426a636e7
SHA1 hash: 59ea8c2a3b17813846c7380017984ca959325a2a
MD5 hash: 5f2d04d51006a733f4a97c20af7722cc
humanhash: grey-emma-tennessee-enemy
File name:DOCSx.document.eml.exe
Download: download sample
File size:893'440 bytes
First seen:2020-12-08 20:51:00 UTC
Last seen:2020-12-08 22:37:31 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'747 x AgentTesla, 19'638 x Formbook, 12'244 x SnakeKeylogger)
ssdeep 24576:JG94Ni/XY6wQAAIjYQPEy+AbxOKBO4kW:JGWi/XY6YAoYQP8A9byW
Threatray 187 similar samples on MalwareBazaar
TLSH BE158D389F6D2635F1B69B3DC5E025A5A52EAB937703D92E18F521CC0B637CD48C062E
Reporter James_inthe_box
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
115
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/107353/
Detection(s):
SecuriteInfo.com.Trojan.Agent.FADD.31775.27258.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
Launching a process
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/558454
Signature
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3fcfdfcf1b6e70b28e91b0f0899bd4a745265c9f0ed1963249aa9b2dab14bd68/
Threat name:
ByteCode-MSIL.Trojan.FormBook
Create hunting rule
Status:
Malicious
First seen:
2020-12-08 14:15:49 UTC
File Type:
PE (.Net Exe)
Extracted files:
10
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h7h57ty3nzylfdurwdyitg6uu5csmxe7b3izmmsjvkns3kyuxvua._file
Verdict:
unknown
Similar samples:
1812bb921f5b81fdff4fa4975dd319eee7c773ca54acfd07a62c052aa34a57df
2268b02851b88a3dc6aea375ec1a36b9ceca5def60ca62e2f47d22db566e1e7a
527263a08f7ed967a2ef04b5eb127dfe923afbde7eb71a7781206eabcf7b8c4c
54a48d5630f8a4ca57c1107678b3cb68ea03e80878db3dc2ddb9d92227ad542d
69b99d16f072c6ab2687da255681f3f1c3a97746bfe516b206644a5056a99425
8a37e226e4756170421ab6a6667b6771049a7104e7b5b505562df8ba2d2171a1
95c3cb601dbbb3632ed38c77863e7787fe21f81d1f39c6dd6e23ce57657d4e32
9908fa5b6b2cc9c84494474cc42668dfb4c03abaa06d79451742ef9eb5c4543f
ae628fd84f2ba783d82aa6e8804e7c41341671758e04ebc236f76ef7c7bee129
df27e1cee5548d6c169e700946c102ffe88442f1dcbdb7bcad449194111ca5f2
+ 177 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/201208-3bzc55xltj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Unpacked files
SH256 hash:
9584f6d01e6452371cc9b4828030a13045d99c243c497b63628828e66aabe26f
MD5 hash:
7476e403eef14ac403c63c7279831780
SHA1 hash:
8387f558e30dc115987ac2b5c174a41302471abf
Link:
https://www.unpac.me/results/f0c478a8-5ff9-4aee-b492-4b880fe799f5/
SH256 hash:
3fcfdfcf1b6e70b28e91b0f0899bd4a745265c9f0ed1963249aa9b2dab14bd68
MD5 hash:
5f2d04d51006a733f4a97c20af7722cc
SHA1 hash:
59ea8c2a3b17813846c7380017984ca959325a2a
Link:
https://www.unpac.me/results/f0c478a8-5ff9-4aee-b492-4b880fe799f5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Kryptik
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3fcfdfcf1b6e70b28e91b0f0899bd4a745265c9f0ed1963249aa9b2dab14bd68

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/107353/

Comments