MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
SHA3-384 hash: 35c523ed777990fc4382eeac659885916d2137e8b28041275c085c0d6cb69efe4ad771b4ec2dab434b5aee1bdb11c0ca
SHA1 hash: bf939c9c261d27ee7bb92325cc588624fca75429
MD5 hash: 74bc2d0b6680faa1a5a76b27e5479cbc
humanhash: edward-pizza-steak-georgia
File name:_ffmpeg.dll
Download: download sample
File size:2'814'976 bytes
First seen:2023-03-30 10:09:25 UTC
Last seen:2023-04-03 11:48:10 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 33955ad6c8fb7e74dee473c690ca4dbc
ssdeep 49152:rLqBG2uIgj3kAFN2bInEkQ2L2A67dxhlsZDKUCIefkeJYbQWzKpDdN3lzl3hmmGP:rt31ekQhZ/JYbxKB838G
TLSH T15AD5AE07E6D50099D019C534879F9233FA31384A8B24A6EF1B919A243F7BFD46E7E724
TrID 63.5% (.EXE) Win64 Executable (generic) (10523/12/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Reporter Anonymous
Tags:3CX exe LABYRINTH CHOLLIMA

Intelligence

File Origin
# of uploads :
4
# of downloads :
352
Origin country :
ES ES
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
7986.msi
Verdict:
No threats detected
Analysis date:
2023-03-30 09:09:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c9c20398-1fc1-4d8e-886b-cfc1b2bd22b5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/378801/
Detection(s):
SecuriteInfo.com.SmoothOperator.8720.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/75757/overview
Behaviour
MalwareBazaar
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm apt greyware
Link:
https://www.filescan.io/uploads/64255ffc00226dd2c92b05a9/reports/f27b72b5-80a4-4efa-90a5-24a3042c29e2/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d23934d0-8c7e-4d65-a3f9-ba5a29b2d4ba
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1205040
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 837954 Sample: _ffmpeg.dll.exe Startdate: 30/03/2023 Architecture: WINDOWS Score: 48 34 Multi AV Scanner detection for submitted file 2->34 7 loaddll64.exe 1 2->7         started        process3 process4 9 rundll32.exe 7->9         started        11 cmd.exe 1 7->11         started        13 rundll32.exe 7->13         started        15 7 other processes 7->15 process5 17 WerFault.exe 9 9->17         started        20 rundll32.exe 11->20         started        22 WerFault.exe 20 9 13->22         started        24 WerFault.exe 9 15->24         started        26 WerFault.exe 9 15->26         started        28 WerFault.exe 9 15->28         started        30 WerFault.exe 9 15->30         started        dnsIp6 32 192.168.2.1 unknown unknown 17->32
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Malicious
First seen:
2023-03-22 09:04:54 UTC
File Type:
PE+ (Dll)
AV detection:
17 of 37 (45.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pgdlxlxisqg2chhare4dkinliigeiovxwfpnikxnsh6tdtudhcla._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230330-l7djradf5s/
Unpacked files
SH256 hash:
7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
MD5 hash:
74bc2d0b6680faa1a5a76b27e5479cbc
SHA1 hash:
bf939c9c261d27ee7bb92325cc588624fca75429
Detections:
Backdoor3CX
Create hunting rule
Link:
https://www.unpac.me/results/e59a05b5-b082-4477-a68f-7281ffdb9ea3/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://www.virustotal.com/gui/file/7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
Cape
Cape
https://www.capesandbox.com/analysis/378801/

Comments