MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca
SHA3-384 hash:	0c6dda09f2e5689e4426b561205205e34909e81f815367af43126b57a7d89c989d2c9de4d81d5e47e9d5b88a5e40779c
SHA1 hash:	b0990f8df008fa3c54209ee37bbd74de03ad6ada
MD5 hash:	01a091446376a18851b9bfe881f1bac7
humanhash:	wyoming-venus-paris-butter
File name:	file
Download:	download sample
File size:	303'616 bytes
First seen:	2025-12-02 20:31:31 UTC
Last seen:	2025-12-02 22:19:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	43843f737ba899f89b83bbc52773c3d2 (1 x Fuery)
ssdeep	6144:euWCU2F8IW+bNUYZhCXNpPcTQOzEHEH/M568VVPXaK:8CBb9nUOYw8VV
TLSH	T13A54E001A7F91155F6B7AFB55AB245668A3AFC206BB2CADF2081115F1C31BC08DB173B
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-amadey exe fbf543

Bitsight

url: http://178.16.55.189/files/8233900432/o7Hjuu7.exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

file

Verdict:

No threats detected

Analysis date:

2025-12-02 20:34:03 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/d24ad0ea-68ee-47bd-a775-a6ea86ea68a8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/42180/

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=692f4cd0264b106bd6461c9d

Tags:

n/a

Gathering data

Verdict:

Malicious

Labled as:

Lazy.Generic

Link:

https://www.hybrid-analysis.com/sample/74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca

Result

Gathering data

Verdict:

Clean

File Type:

exe x32

Link:

https://opentip.kaspersky.com/74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d9265ba1-9692-4c25-ab52-e6f098395af1

Score:

94%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/01a091446376a18851b9bfe881f1bac7

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca/

Verdict:

Malicious

Threat:

Family.FUERY

Link:

https://tip.neiki.dev/file/74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca

Threat name:

Win32.Malware.Heuristic

Status:

Malicious

First seen:

2025-12-02 20:32:15 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

17 of 36 (47.22%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oskywqiosrhqildb5bkzczkhvbp72sm2xxibvkw4i4fnussntpfa._file

Result

Malware family:

fuery

Score:

10/10

Tags:

family:fuery discovery persistence trojan

Link:

https://tria.ge/reports/251202-zbcjgaxlhy/

Behaviour

Suspicious behavior: EnumeratesProcesses

System Location Discovery: System Language Discovery

Adds Run key to start application

Loads dropped DLL

Downloads MZ/PE file

Fuery

Fuery family

Malware Config

C2 Extraction:

http://let.mebeyourfriend.digital/
http://if.youwannabemylover.life/
http://make.mydaymakemyday.info/
http://iahfi.visbxskagt.com/
http://laf.oahgsfwklg.top/
http://smachrie1.weinerbuyout.top/
http://sackless2.backspacersasine.sbs/
http://recondole3.compositesclosetful.xyz/
http://dietaries4.permeatedicelanders.today/
http://epanadiplosis5.misdateswampanoag.cyou/
http://invoke6.escrimesesquipedal.digital/
http://bordrage7.kafkaesquebozo.info/
http://stacher8.disequilibrationaproctous.top/
http://scoliidae9.

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/722ccb49-73d0-45f9-84d4-14182200c478

Unpacked files

SH256 hash:

74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca

MD5 hash:

01a091446376a18851b9bfe881f1bac7

SHA1 hash:

b0990f8df008fa3c54209ee37bbd74de03ad6ada

Link:

https://www.unpac.me/results/c41b14f2-47f7-4008-b5fc-8fab1d0ea7aa/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 74958b410e944f042c61e855916547a85ffd499abdd01aaadc470ada4a4d9bca

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3723600/

Cape

https://www.capesandbox.com/analysis/42180/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample