MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4def25bfde1457ef315ebfcf6523021223bbcf31fdfc3da68aba1d164818322f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Redosdru


Vendor detections: 10


Intelligence 10 IOCs 1 YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4def25bfde1457ef315ebfcf6523021223bbcf31fdfc3da68aba1d164818322f
SHA3-384 hash: a7d4a2333471a0078c585755dec199ba85962033ebf494044313e130492e88ab5c6dca8fb50f941be59b16d1059d67e9
SHA1 hash: 1adb42029997c8351df9d5760e4ad41563d64a13
MD5 hash: ca1d49f98c9521e443f5163fcf17310b
humanhash: florida-floor-yankee-lamp
File name:4DEF25BFDE1457EF315EBFCF6523021223BBCF31FDFC3.exe
Download: download sample
Signature Redosdru
Create hunting rule
File size:28'672 bytes
First seen:2022-04-03 01:45:42 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash d3699e76643af2dad3cd1ed6c158247c (2 x Redosdru)
ssdeep 384:VA5Nojv0WqFkPfNq7A1Sm8yWBVjHzzdU:VQob0WOkC6P8lzm
Threatray 111 similar samples on MalwareBazaar
TLSH T1B3D2292AE68504B2DEC2D27016FF4E7941B79D915BFC864F4788FC9C0D722D2AA1324E
File icon (PE):PE icon
dhash icon 246763064d231646 (1 x Redosdru)
Reporter abuse_ch
Tags:exe Redosdru


Avatar
abuse_ch
Redosdru C2:
110.76.158.75:11024

Indicators Of Compromise (IOCs)

Below is a list of indicators of compromise (IOCs) associated with this malware samples.

IOCThreatFox Reference
110.76.158.75:11024 https://threatfox.abuse.ch/ioc/290342/

Intelligence

File Origin
# of uploads :
1
# of downloads :
258
Origin country :
n/a
Vendor Threat Intelligence
Gathering data
Detection(s):
Win.Trojan.Farfli-9811912-0
Create hunting rule

Win.Trojan.Farfli-9811913-0
Create hunting rule

Win.Trojan.Farfli-9811975-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Searching for the window
Sending an HTTP GET request
Creating a file
Creating a process from a recently created file
Creating a file in the Program Files subdirectories
Сreating synchronization primitives
Searching for synchronization primitives
Creating a window
Creating a file in the %temp% directory
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/12419/overview
Behaviour
MalwareBazaar
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/6248fc5a9253b276b7d2f33e/reports/c77d4e51-0808-4bd4-b7e9-46f3b952171c/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/8ad0e103-e2ea-464f-8d9b-a40ee4a58863
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/969490
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Machine Learning detection for sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4def25bfde1457ef315ebfcf6523021223bbcf31fdfc3da68aba1d164818322f/
Threat name:
Win32.Backdoor.Farfli
Create hunting rule
Status:
Malicious
First seen:
2021-12-30 22:54:31 UTC
File Type:
PE (Exe)
Extracted files:
2
AV detection:
38 of 42 (90.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jxxslp66crl66mk6x7hwkiyccir3xtzr7x6d3jukxiormsaygixq._file
Verdict:
malicious
Similar samples:
0a26e5b7a813b49276c7b02470d677db61171701b71e5697fa80cb6518a34865
Redosdru
1305139a7ad70ad2c9af4c10be27e65da65b9273fe92c75b4ea8c6aa94e6c98d
Redosdru
420c4a968b184211b9e5e2d26b5a460229249a6fbc5a3dbdba6b5096e4903b63
Redosdru
5eb5ed756b14dd3e6898821753d02f24f8bd0595d911f61f772d7d2652d8ff97
Redosdru
799866f1237d484f5e55633b6200443fe19bddc88257207b4a1142ae97b93f3c
Redosdru
7e2d72b0a1edfdcbff3274250989bebcfae867c42f1417057c8a5adc4c2daf58
Redosdru
81d6978af7320d1e0631ffaa3b976b16f3475b235a9c072b88fb82dae0ad6b14
Redosdru
a1619735fbaec9312f45078025ff45630fead8f14509ac0a400dbfd0a922ec17
Redosdru
ae5f6a5007c02c48f4bba3dd694c528f500f8e12ec106661149e4a3d1f678c8d
Redosdru
+ 101 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/220403-b6ys7ahcem/
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Enumerates connected drives
Downloads MZ/PE file
Executes dropped EXE
UPX packed file
Unpacked files
SH256 hash:
4def25bfde1457ef315ebfcf6523021223bbcf31fdfc3da68aba1d164818322f
MD5 hash:
ca1d49f98c9521e443f5163fcf17310b
SHA1 hash:
1adb42029997c8351df9d5760e4ad41563d64a13
Link:
https://www.unpac.me/results/8acbdaea-3348-4428-8354-bf739fa8a067/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/4def25bfde1457ef315ebfcf6523021223bbcf31fdfc3da68aba1d164818322f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/260226/

Comments