MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72660328d491a37b99ae219252eccab4dfd568329fbb72e512167b239ba2c190. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	72660328d491a37b99ae219252eccab4dfd568329fbb72e512167b239ba2c190
SHA3-384 hash:	bcd65f516215b17595c5edb169a2b1954bc5d7e086609009074261a2d10445ae99c844854b69741733f964f161f8ea31
SHA1 hash:	df29614665cd5974118a72ed5f8591932e83f54a
MD5 hash:	e1537d773b8c7cdd043b5abf17ae5f43
humanhash:	ohio-fillet-twenty-don
File name:	FedEx AWB# 776940935588.exe
Download:	download sample
File size:	793'088 bytes
First seen:	2020-03-31 14:09:05 UTC
Last seen:	2020-03-31 14:09:17 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	b8b949414a1cbbc9af7d834ae8be805f (11 x RedLineStealer, 5 x RaccoonStealer, 4 x ArkeiStealer)
ssdeep	24576:RGjkJKC/JyETA5WLkIVsK/cRgOnmq9g6ZgpLelp:RGgDhOKJcOU7m6ZgQlp
Threatray	10 similar samples on MalwareBazaar
TLSH	1DF423A8009B5D8DFA6B29F67519E6EBC6D720D668B141621EF7753FC88CF4430408BB
Reporter	c_APT_ure

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

PUA.Win.Packer.Asprotect-3

SecuriteInfo.com.Trojan.PWS.Stealer.28261.7234.21230.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Frs

Status:

Malicious

First seen:

2020-03-23 05:56:21 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 31 (77.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ojtagkgusgrxxgnoegjff3gkwtp5k2bst65xfziscz5shg5cygia._file

Verdict:

malicious

5ef8714caf9c7296847b67b27edb93c3aec23d7e77b57d23d0e8607d707a2c49

615b9395be665d265953e69924b4df1808eda0fd40381d6d469bf4c362590125

aeb1bfcef382789091e72e2d6cae6e471123d0e8e7a5f39c64abf5a3d9a4eaa8

afe57674c53de398de18be61175e7cf55447e9c57cd3b4c82b035a9d65ec86f3

d06d675add136cc82c55c68166df534afa018e9f1ae333a9a75cacc1ec66d9d3

d2edc352a2a157c1ac51e314039ca894958635959d905900755992eed6a13256

d9d17e87f7261c2ae63156fee822d1b39646b3ac61693033ad62ab8cbf4de7c5

f066f830f62f469a36d49b22554dfd186c0d131a3ad924df108262f87b2346ab

f4bf1d1294fcdebf960a81bc8bdf14edb488c4d844a90ab100a1d5354f8cd443

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN_BASE_API	Uses Win Base API	kernel32.dll::LoadLibraryA

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample