MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fae9e2f6fc2e95b5f6be3c8c0d3a76cebf18a2526913d21c67bb98be35f8247. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5fae9e2f6fc2e95b5f6be3c8c0d3a76cebf18a2526913d21c67bb98be35f8247
SHA3-384 hash: 74de4c9c78132d7cc630d942195b529dbe7b34f7c6f73d8daa81844fa878c7ccef485c0e2a88deec3d8712b87303fb17
SHA1 hash: 2b1ed9a50728df5aaa716e4c4e466b4496e8b105
MD5 hash: b53466259125d66deb6ef9d787fa1b13
humanhash: hotel-sink-california-winner
File name:b53466259125d66deb6ef9d787fa1b13
Download: download sample
File size:59'392 bytes
First seen:2021-09-10 08:33:26 UTC
Last seen:2021-09-10 10:57:01 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d617e8618688e76a02c9e4d9a14e5afd (1 x Phorpiex)
ssdeep 1536:pzQjJuw3c6hqh1kJaJrNKx5tzzevaCpzqFFzWcXdqu7mOYhngYFD:hQduF60Q0X036aCBqXcY6tgYFD
TLSH T1DE437C03EEE942F6F5A23CB6507B9A5B5D3FD849170AC2E786573D02C5212E0D23D28B
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
113
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
b53466259125d66deb6ef9d787fa1b13
Verdict:
Malicious activity
Analysis date:
2021-09-10 08:36:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/ed284c89-4ab8-4158-80df-d54cd99b52a3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/186821/
Detection(s):
PUA.Win.Packer.NspackDotnetNor-2
Create hunting rule

PUA.Win.Packer.NspackDotnetNor-1
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Enabling the 'hidden' option for recently created files
Creating a window
DNS request
Connection attempt
Sending a UDP request
Connecting to a non-recommended domain
Sending a custom TCP request
Sending an HTTP GET request
Creating a file in the %temp% directory
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Blocking the Windows Security Center notifications
Creating a file in the mass storage device
Enabling threat expansion on mass storage devices by creating a special LNK file
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/980ff1b1-0785-4db7-84a6-70272aa3e62c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/848657
Signature
Changes security center settings (notifications, updates, antivirus, firewall)
Contains functionality to check if Internet connection is working
Contains functionality to detect sleep reduction / modifications
Creates HTML files with .exe extension (expired dropper behavior)
Drops PE files to the user root directory
Hides that the sample has been downloaded from the Internet (zone.identifier)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5fae9e2f6fc2e95b5f6be3c8c0d3a76cebf18a2526913d21c67bb98be35f8247/
Threat name:
Win32.Trojan.Phonzy
Create hunting rule
Status:
Malicious
First seen:
2021-09-10 08:18:10 UTC
AV detection:
20 of 45 (44.44%)
Threat level:
  5/5
Verdict:
malicious
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion persistence suricata trojan
Link:
https://tria.ge/reports/210910-kgfezschar/
Behaviour
Adds Run key to start application
Windows security modification
Windows security bypass
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Unpacked files
SH256 hash:
5fae9e2f6fc2e95b5f6be3c8c0d3a76cebf18a2526913d21c67bb98be35f8247
MD5 hash:
b53466259125d66deb6ef9d787fa1b13
SHA1 hash:
2b1ed9a50728df5aaa716e4c4e466b4496e8b105
Link:
https://www.unpac.me/results/e8660555-337b-4a0a-92dc-033e2f83a272/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/5fae9e2f6fc2/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5fae9e2f6fc2e95b5f6be3c8c0d3a76cebf18a2526913d21c67bb98be35f8247

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5fae9e2f6fc2e95b5f6be3c8c0d3a76cebf18a2526913d21c67bb98be35f8247

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1607543/
Cape
Cape
https://www.capesandbox.com/analysis/186821/

Comments