MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fuery


Vendor detections: 11



SHA256 hash: 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
SHA3-384 hash: f06bca0331f82fa18babddd1f1f0abfc59e839a06e8fdffedc97c1a2dc005af6c89e8c681037254f4e787ec1a3a3a983
SHA1 hash: ab32151a41525bd342e5550eec672d5decfb3931
MD5 hash: 0f0430c4d36ba14b3ceaf175f9f76d97
humanhash: earth-lemon-speaker-sink
File name: file
Signature: Fuery
File size: 352'256 bytes
First seen: 2025-11-29 12:25:10 UTC
Last seen: 2025-11-29 14:43:07 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 43843f737ba899f89b83bbc52773c3d2 (1 x Fuery)
ssdeep: 6144:gYrDDCnn1RXaZ7OTjd4uJftA4V/Dajj/Vn5V15uq+12x9N0I8tEqe/n:fr3CnzaZ7OTZD31DorV5V/z+1iN0
TLSH: T1B074690267F91149F1F7AFB56ABA4511893ABCA6AB75CADF1082424F0D31FC099B0737
TrID: 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: Bitsight
Tags: dropped-by-amadey exe fbf543 Fuery


Bitsight
url: http://178.16.55.189/files/8233900432/bItigum.exe

Intelligence


File Origin
# of uploads: 5
# of downloads: 90
Origin country: US
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2025-11-29 12:27:10 UTC
Tags: auto-reg loader smtp

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 81.4%
Tags: malware
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating synchronization primitives
Creating a window
DNS request
Connection attempt
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context crypt genheur lolbin microsoft_visual_cc packed tracker virus xpack
Result
Gathering data
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name: Win32.Malware.Heuristic
Status: Malicious
First seen: 2025-11-29 12:25:25 UTC
File Type: PE (Exe)
Extracted files: 17
AV detection: 14 of 36 (38.89%)
Threat level: 2/5
Result
Malware family:
Score: 10/10
Tags: family:fuery discovery persistence trojan
Behaviour
System Location Discovery: System Language Discovery
Adds Run key to start application
Downloads MZ/PE file
Fuery
Fuery family
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash: 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
MD5 hash: 0f0430c4d36ba14b3ceaf175f9f76d97
SHA1 hash: ab32151a41525bd342e5550eec672d5decfb3931
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fuery

Executable exe 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b

(this sample)

  
Dropped by: Amadey
Delivery method: Distributed via web download
