MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fsysna


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments

SHA256 hash: 3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e
SHA3-384 hash: c2e078ce2d7b00337e1df920398e81d5f390f92928c3d25e2f806e78a8e1b425bf9ec15ece0cfb881312fa53c8545fdc
SHA1 hash: 433471495f168d8361971f95fff1a1e78dc1ea81
MD5 hash: 7831a9eebbb485ab4850460e33185cb3
humanhash: florida-finch-timing-twenty
File name:7831a9eebbb485ab4850460e33185cb3
Download: download sample
Signature Fsysna
File size:184'320 bytes
First seen:2021-02-18 12:51:21 UTC
Last seen:Never
File type:DLL dll
MIME type:application/x-dosexec
imphash 4ee2dcd2d21b28a35328141159152cd9 (1 x Fsysna)
ssdeep 3072:uK0iNMRqv04lfLCgwsgXdb9yb58G2c1Omh/9EFUsC6K474vf0:EUSqv0Jbsb58VelEpC69svf0
TLSH 6704AE4238B988B8E82629B50994C7F03A6CEF20CD944C6F175BB32E5DD60E1BD35F19
Reporter c3rb3ru5d3d53c2
Tags:LodeInfo

Intelligence


File Origin
# of uploads :
1
# of downloads :
124
Origin country :
n/a
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Sending a UDP request
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
56 / 100
Signature
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Behaviour
Behavior Graph:
behaviorgraph top1 signatures2 2 Behavior Graph ID: 354781 Sample: ZaLMawcaWt Startdate: 18/02/2021 Architecture: WINDOWS Score: 56 23 Multi AV Scanner detection for submitted file 2->23 6 loaddll32.exe 2 2->6         started        process3 process4 8 rundll32.exe 32 6->8         started        12 rundll32.exe 6->12         started        15 rundll32.exe 6->15         started        17 11 other processes 6->17 dnsIp5 21 167.179.65.11, 49734, 49737, 49738 AS-CHOOPAUS United States 8->21 25 System process connects to network (likely due to code injection or exploit) 8->25 19 C:\Windows\Temp\syslog.log, COM 12->19 dropped file6 signatures7
Threat name:
Win32.Trojan.Fsysna
Status:
Malicious
First seen:
2020-12-10 13:46:18 UTC
AV detection:
21 of 29 (72.41%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Behaviour
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
3fda6fd600b4892bda1d28c1835811a139615db41c99a37747954dcccaebff6e
MD5 hash:
7831a9eebbb485ab4850460e33185cb3
SHA1 hash:
433471495f168d8361971f95fff1a1e78dc1ea81
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments