MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b52c3796c85aac983a57bcd1352915fbe9b923e9f623080c1d1aa156442f132. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6b52c3796c85aac983a57bcd1352915fbe9b923e9f623080c1d1aa156442f132
SHA3-384 hash: e188488321484764bdca023ae1361db0639ed82e4daf34b9c9b2386e64d8b6855cc0d1cc714cee2027e917c206b338cb
SHA1 hash: 5e29e37dc4cd88601d470fb179c48195373b0e7b
MD5 hash: f997db8d32c5d35741815e4e1ea77ac5
humanhash: arkansas-carbon-shade-florida
File name:f997db8d32c5d35741815e4e1ea77ac5.exe
Download: download sample
File size:100'740 bytes
First seen:2022-04-16 06:31:14 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep 1536:/LXB65939tY6HBg4sXJgV8niItI+wHMaw4LqbEQKTrkicJbBo0IlKOPw6fjyBN:/Lk395hYXJgV8iAwZFWb9+rk/JbLOt8
Threatray 2'907 similar samples on MalwareBazaar
TLSH T1E6A3D0463BC4D89FE42216B091B7832DE3FA9E0416115BA35BAC7F7F39361834D2B196
TrID 92.9% (.EXE) NSIS - Nullsoft Scriptable Install System (846567/2/133)
3.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
1.1% (.EXE) Win64 Executable (generic) (10523/12/4)
0.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
0.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE):PE icon
dhash icon cce8eaf0b4d4d8b8 (1 x Redosdru, 1 x Nitol)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
350
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f997db8d32c5d35741815e4e1ea77ac5.exe
Verdict:
No threats detected
Analysis date:
2022-04-16 06:31:54 UTC
Tags:
installer
Link:
https://app.any.run/tasks/305ae5c0-574b-4f13-9c2e-41f136b294d3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264087/
Detection(s):
Win.Trojan.Farfli-9811912-0
Create hunting rule

Win.Trojan.Farfli-9811913-0
Create hunting rule

Win.Trojan.Farfli-9811975-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/625a62e6482f2f41caba711e/reports/63e4695d-0bd3-4717-9e5e-3c0efdb05310/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Gh0st RAT
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/44bad75d-87db-478f-909e-3d7464276fa8
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/977634
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6b52c3796c85aac983a57bcd1352915fbe9b923e9f623080c1d1aa156442f132/
Threat name:
Win32.Backdoor.Farfli
Create hunting rule
Status:
Malicious
First seen:
2022-04-15 18:49:31 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
23 of 26 (88.46%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0681ecd6616ff5d98d9027707e825a27606de847c5260a9c0af7b9a85322af54
1c6421eff5d5551f9032931c440e342b515ea903eae463d6ec7af4e6a4fab0fc
2ce59da4fce3c5ab48b5800d2f1cc55891603b1c57fb653c84e4d334a17faf7b
6cd35936694146f18ac734938f284cf65fde178cf3fb5b528da0be2818d61f6e
8178b91db8a02abf1aeed3a6d7c88e2af76ce3fad4ab0efafb6a518251a8ed9d
a3c9610c64c7e9db15c7502ad1fc8be61f4c0bf60090c791c840450077e3dd8c
bbac0874eeeea009e7d80dd6a1c4fb2cc9a836d19caa767983bc626f3992afca
c3d893baa2a20c57ce145d588d6fce2159d14a2d3fd5ebdda62091c598f24499
d78193e44bf0422ec63bc0b3396e061fd62428eca605de08daba2850f1907f96
f783b40a52930d48605ec87cd62cacd6537e0b8f1e354e50b067cc679013fb3a
+ 2'897 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/220416-hamjlsdccq/
Behaviour
Enumerates physical storage devices
Unpacked files
SH256 hash:
6b52c3796c85aac983a57bcd1352915fbe9b923e9f623080c1d1aa156442f132
MD5 hash:
f997db8d32c5d35741815e4e1ea77ac5
SHA1 hash:
5e29e37dc4cd88601d470fb179c48195373b0e7b
Link:
https://www.unpac.me/results/4c76f9ba-88de-48f2-8623-eb112e06a59e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.08
Link:
https://yomi.yoroi.company/submissions/6b52c3796c85aac983a57bcd1352915fbe9b923e9f623080c1d1aa156442f132

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 6b52c3796c85aac983a57bcd1352915fbe9b923e9f623080c1d1aa156442f132

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1940463/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/264087/

Comments