MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fuery


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
SHA3-384 hash: f06bca0331f82fa18babddd1f1f0abfc59e839a06e8fdffedc97c1a2dc005af6c89e8c681037254f4e787ec1a3a3a983
SHA1 hash: ab32151a41525bd342e5550eec672d5decfb3931
MD5 hash: 0f0430c4d36ba14b3ceaf175f9f76d97
humanhash: earth-lemon-speaker-sink
File name:file
Download: download sample
Signature Fuery
Create hunting rule
File size:352'256 bytes
First seen:2025-11-29 12:25:10 UTC
Last seen:2025-11-29 14:43:07 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 43843f737ba899f89b83bbc52773c3d2 (1 x Fuery)
ssdeep 6144:gYrDDCnn1RXaZ7OTjd4uJftA4V/Dajj/Vn5V15uq+12x9N0I8tEqe/n:fr3CnzaZ7OTZD31DorV5V/z+1iN0
TLSH T1B074690267F91149F1F7AFB56ABA4511893ABCA6AB75CADF1082424F0D31FC099B0737
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543 Fuery


Avatar
Bitsight
url: http://178.16.55.189/files/8233900432/bItigum.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
90
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2025-11-29 12:27:10 UTC
Tags:
auto-reg loader smtp
Link:
https://app.any.run/tasks/0d8e9182-9503-4b34-8b3a-e37ac724f334

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/41829/
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=692ae6336657e343328239d1
Tags:
malware
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
Creating a window
DNS request
Connection attempt
Sending an HTTP POST request
Sending an HTTP GET request
Creating a file
Sending a custom TCP request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context crypt genheur lolbin microsoft_visual_cc packed tracker virus xpack
Link:
https://www.filescan.io/uploads/692ae6301b65ca0bb9275afc/reports/3cf7afa2-13d0-485c-95d6-b91c243aa080/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
Result
Gathering data
Verdict:
Clean
File Type:
exe x32
Link:
https://opentip.kaspersky.com/7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b/results?tab=lookup
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/fc11795c-8622-4637-bf47-385be0d366b8
Score:
95%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/0f0430c4d36ba14b3ceaf175f9f76d97
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b/
Verdict:
Malicious
Threat:
Family.FUERY
Link:
https://tip.neiki.dev/file/7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
Threat name:
Win32.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-11-29 12:25:25 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
14 of 36 (38.89%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pwk32vdvi52xd2cyrmbaah3ihf34yvw3whz5a5nvyzteh4s6mznq._file
Result
Malware family:
fuery
Create hunting rule
Score:
  10/10
Tags:
family:fuery discovery persistence trojan
Link:
https://tria.ge/reports/251129-plrq2avlew/
Behaviour
System Location Discovery: System Language Discovery
Adds Run key to start application
Downloads MZ/PE file
Fuery
Fuery family
Malware Config
C2 Extraction:
http://let.mebeyourfriend.digital/
http://if.youwannabemylover.life/
http://make.mydaymakemyday.info/
http://iahfi.visbxskagt.com/
http://laf.oahgsfwklg.top/
http://smachrie1.weinerbuyout.top/
http://sackless2.backspacersasine.sbs/
http://recondole3.compositesclosetful.xyz/
http://dietaries4.permeatedicelanders.today/
http://epanadiplosis5.misdateswampanoag.cyou/
http://invoke6.escrimesesquipedal.digital/
http://bordrage7.kafkaesquebozo.info/
http://stacher8.disequilibrationaproctous.top/
http://scoliidae9.
Unpacked files
SH256 hash:
7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b
MD5 hash:
0f0430c4d36ba14b3ceaf175f9f76d97
SHA1 hash:
ab32151a41525bd342e5550eec672d5decfb3931
Link:
https://www.unpac.me/results/9668b1c4-0025-4c80-944d-1b00b152936d/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fuery

Executable exe 7d95bd5475477571e8588b02001f683977cc56dbb1f3d075b5c66643f25e665b

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/41829/
  
URLhaus
https://urlhaus.abuse.ch/url/3720321/

Comments