MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 872e6bd67233cacb289e6169e374e91b85974bde4d98b0065d6d7d865811a85d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fuery


Vendor detections: 12



SHA256 hash: 872e6bd67233cacb289e6169e374e91b85974bde4d98b0065d6d7d865811a85d
SHA3-384 hash: 8c02dbdf53c0e2e7b1ea8dfd08bfbf4c904c38ea2307ec4fb3bb914195e78fffac0e6f521e9320e3bd68a4657710cf67
SHA1 hash: 658f511802a6e394b05871e5b9c07f10d5c95062
MD5 hash: d0a1802836714f8569c8d86e5fba9b5e
humanhash: glucose-tennessee-two-lemon
File name: SecuriteInfo.com.Win32.MalwareX-gen.68748741
Signature: Fuery
File size: 376'832 bytes
First seen: 2026-01-23 20:21:41 UTC
Last seen: 2026-01-28 19:47:39 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash b10596a614daeaf025ce254fa50b488b (3 x Fuery, 1 x WallStealer)
ssdeep 6144:oSaVvkavxPbGPs/tbkisyhJpw7wJ92o0MAS0AulF1QxcMtb+R8:Zahk8N60/tbVhJpwU92oCAEWx
TLSH T160843702A7F91145F2F7ABB66EBA8511893ABC666B72C9DF1081424F0931FC09DB0777
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: SecuriteInfoCom
Tags: exe Fuery

Intelligence


File Origin
# of uploads: 362
# of downloads: 133
Origin country: FR
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: McZEgNt.exe
Verdict: Malicious activity
Analysis date: 2026-01-23 20:18:17 UTC
Tags: auto-reg loader

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 91.7%
Tags: malware
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: crypt evasive explorer krypt lolbin microsoft_visual_cc packed tracker xpack
Verdict: Malicious
File Type: exe x32
First seen: 2026-01-23T17:25:00Z UTC
Last seen: 2026-01-24T19:22:00Z UTC
Hits: ~10
Detections: HEUR:Trojan.Win32.Agent.gen
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name: Win32.Trojan.Lazy
Status: Malicious
First seen: 2026-01-23 20:18:56 UTC
File Type: PE (Exe)
Extracted files: 30
AV detection: 18 of 24 (75.00%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:fuery discovery persistence trojan
Behaviour
System Location Discovery: System Language Discovery
Adds Run key to start application
Downloads MZ/PE file
Fuery
Fuery family
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash:
872e6bd67233cacb289e6169e374e91b85974bde4d98b0065d6d7d865811a85d
MD5 hash:
d0a1802836714f8569c8d86e5fba9b5e
SHA1 hash:
658f511802a6e394b05871e5b9c07f10d5c95062
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fuery

Executable exe 872e6bd67233cacb289e6169e374e91b85974bde4d98b0065d6d7d865811a85d

(this sample)

  
Delivery method
Distributed via web download
