MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a80a763b2921dfeeeec8a9c75b06af7b37f4281541f959e6229b835b46f1185. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	8a80a763b2921dfeeeec8a9c75b06af7b37f4281541f959e6229b835b46f1185
SHA3-384 hash:	5bd608e1a039bfda0c0ae2454f96aae6834409c55fbe1fe400980edcc03f0eec5574776c8107ade5ca996a07044c6965
SHA1 hash:	6fc7363d0f25504fde6682c132812c079d1b8252
MD5 hash:	46582b17d6c5506b38f91152c9ed7f59
humanhash:	august-four-freddie-michigan
File name:	SecuriteInfo.com.Trojan.GenericKD.42894136.25649.22151
Download:	download sample
File size:	173'056 bytes
First seen:	2020-03-28 11:00:37 UTC
Last seen:	2020-05-06 17:16:50 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	16d1fed55cf41d0e773e46c43aa5f906
ssdeep	3072:q6FOuxHwfHJQTZMGMUdFrqcRkRuC/VN35vILUMZdElcdA:qa3qHJQTZMLUbqcRkF/NQUMk+
Threatray	68 similar samples on MalwareBazaar
TLSH	AB042A1BB3E308FEC657913482EBE772A471F0151324BE2E1A95DF332D64C245B6E968
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.42894136.25649.22151.UNOFFICIAL

Gathering data

Threat name:

Win64.Trojan.Fuerboos

Status:

Malicious

First seen:

2020-03-26 18:18:31 UTC

File Type:

PE+ (Exe)

AV detection:

21 of 31 (67.74%)

Threat level:

2/5

Verdict:

suspicious

458f18cc6d84a4c18e8319b9860a85ee68a0eac23a292d19500aea4d0d6db4d5

5355c506c4e860b1c35c4eade8e462ccea8b4da1ff5dfc2bd70437176a9217b5

5f6adcdc4b4d6b876c33b57ed612ca3707c49eb8b56d0b325ec79c6f0616c107

6a0649a94dadf6581c913e92f01d0d0f2414b6fb7792f36250bd565b4b6ce481

87e69df644cf7fa95ced9c33e3fcd4a88356baea18ac20c2aac042d223d7c4b8

9cd4df25010125f2ef3eeef44503b3c2b58435af758fe7213d053a60f018f3d8

a57337366ce7dc7b059633a944b048c25457841f2916573062973003793a0b0c

ebd0a53672107762483efcef26bcca3f35bc148136c2424083aae6273165868c

f4cac50207b981342657091f9780a78c6ca6f4ebbf24c132d18dad13beba9864

+ 58 additional samples on MalwareBazaar

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8a80a763b2921dfeeeec8a9c75b06af7b37f4281541f959e6229b835b46f1185

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/331293/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/358438/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_NX	Missing Non-Executable Memory Protection	critical
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Reviews

ID	Capabilities	Evidence
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessA KERNEL32.dll::CloseHandle
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::GetStartupInfoA
WIN_SOCK_API	Uses Network to send and receive data	WS2_32.dll::closesocket WS2_32.dll::connect WS2_32.dll::gethostbyname WS2_32.dll::htons WS2_32.dll::inet_addr WS2_32.dll::inet_ntoa

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample