MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 711348ec1fb1f2a06aa394618b3dde8e91b29ba6b0097d545429521ad54326f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 13



SHA256 hash: 711348ec1fb1f2a06aa394618b3dde8e91b29ba6b0097d545429521ad54326f1
SHA3-384 hash: 55ced04ade2daefc06f923c7cb9c158cfc6a5c18aed454651e721585cb55900bdbab1ef99ac4da63f71a9b3cda2e0e43
SHA1 hash: 7bb8328c39c8ec388ffe72e947a85fd4c9c690c6
MD5 hash: 9c62dcbe1bf87d6e1fd16ed8e93bb1fb
humanhash: edward-ten-missouri-lactose
File name: 2.exe
File size: 3'730'432 bytes
First seen: 2022-08-05 07:49:16 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner)
ssdeep: 98304:ZNWM1/2EzzhKQxphovCYURsccxTnRqviklCnR:Zx2EzdKQxp6CYMyTnR/R
Threatray: 2'331 similar samples on MalwareBazaar
TLSH: T1310602C1C9858892E97D8D3410B72D3A423B6F7BA96C5DE99E4CF12176B38CD1039A1F
TrID: 37.8% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
20.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.7% (.EXE) Win64 Executable (generic) (10523/12/4)
7.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
File icon (PE): PE icon
dhash icon: 71694d4dccc8c8d5
Reporter: obfusor
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 261
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: FuacasFire.exe
Verdict: Malicious activity
Analysis date: 2022-07-10 06:31:06 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Searching for synchronization primitives
Creating synchronization primitives
Launching a service
Creating a file
Creating a window
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Searching for the window
DNS request
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
MalwareBazaar: CPUID_Instruction
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family: Charming Kitten
Verdict: Malicious
Result
Threat name: Babadeda
Detection: malicious
Classification: troj.evad
Score: 63 / 100
Signature
Adds a directory exclusion to Windows Defender
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Powershell adding suspicious path to exclusion list
Uses bcdedit to modify the Windows boot settings
Yara detected Babadeda
Behaviour
Behavior Graph (ID 679119; sample 2.exe; start date 05/08/2022; architecture WINDOWS; score 63):
- Top-level signatures: Multi AV Scanner detection for dropped file; Sigma detected: Powershell adding suspicious path to exclusion list; Multi AV Scanner detection for submitted file; 2 other signatures
- 2.exe started; files dropped: C:\Users\user\Desktop\SysWin.exe (PE32), C:\Users\user\Desktop\NSudo.exe (PE32+), C:\Users\user\AppData\Local\Temp\...\5C3B.bat (ASCII), 5 other files (none is malicious)
- 2.exe started cmd.exe and conhost.exe
- cmd.exe signatures: Uses bcdedit to modify the Windows boot settings; Adds a directory exclusion to Windows Defender
- cmd.exe started NSudo.exe (three instances) and 16 other processes
Threat name: Win32.Ransomware.LockBit
Status: Malicious
First seen: 2022-07-10 09:36:06 UTC
File Type: PE (Exe)
Extracted files: 20
AV detection: 19 of 26 (73.08%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Loads dropped DLL
Executes dropped EXE
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.
