MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e7a854b4de275147830648894bafc01de9b2952fc7591de58331f827f3fda86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8e7a854b4de275147830648894bafc01de9b2952fc7591de58331f827f3fda86
SHA3-384 hash: b78cb5909972b716c4d762d41691e48b8a9ef1139688299b9a16242bd7acab9bb015c0b6673ad68098588f734c4eb0eb
SHA1 hash: 4976d8b5267b06ca7709196a0d4622378338c00f
MD5 hash: 3e7da85e59416f184a2d6957ec958164
humanhash: white-lemon-wisconsin-vegan
File name:3e7da85e59416f184a2d6957ec958164
Download: download sample
File size:84'992 bytes
First seen:2021-11-23 23:36:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 03e79711308813d1a6f9f372b520e11d
ssdeep 1536:tcK3a7GNZN/rMk5Av3lJ66FIw5OzAc7AWMksarEkeE5U:tcKhZNQkgfBhWFsa5eE5U
Threatray 9 similar samples on MalwareBazaar
TLSH T1F4834C33BDC7C8B2D56012B1187D6BB281ADD9397B7312D7A3C81E6A89541E32E72C35
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
150
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3e7da85e59416f184a2d6957ec958164
Verdict:
Suspicious activity
Analysis date:
2021-11-23 23:37:15 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/cf52816d-917a-4977-8e1d-f9a3c8d556ce

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Сreating synchronization primitives
Creating a file
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
Searching for the window
DNS request
Sending a custom TCP request
Creating a process from a recently created file
Creating a window
Sending an HTTP GET request
Launching a service
Enabling autorun by creating a file
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
greyware
Link:
https://www.filescan.io/uploads/619d7b1ef36138de3f384636/reports/b3a9795c-27a8-4772-950f-54b09032c1d7/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/5ec92496-a2dc-4dd3-a9a2-f5973149acb5
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/895100
Signature
Antivirus detection for URL or domain
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
Performs DNS queries to domains with low reputation
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8e7a854b4de275147830648894bafc01de9b2952fc7591de58331f827f3fda86/
Threat name:
Win32.Trojan.Fugrafa
Create hunting rule
Status:
Malicious
First seen:
2021-11-22 15:24:56 UTC
File Type:
PE (Exe)
AV detection:
8 of 45 (17.78%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
0d62bb4a0b9c5d7684491458a0759551373a0fb211f062705ae0cafe1ac1a605
4aba670fcfd1dcfd558fbd3848db4b7e36526596aa1df5ef0c39b017f954370b
522fba71f8b27f706deb2caee46b1c5350c41decc21be032bb9a447a0d34c698
7b91e9f9e71958ca487aabd657b044009703e38861e743984ff976bfb02f6aa4
9e158664ac351f8ea38f3a0c288d58e3bea0264a989da36448c6fc78a82bea98
d9d1a29e428b70152ea7e0977e3dbcea1b1f046a9f903d0df61dc65d7da6cdfb
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/211123-3l5jsabefm/
Behaviour
Suspicious use of FindShellTrayWindow
Unpacked files
SH256 hash:
8e7a854b4de275147830648894bafc01de9b2952fc7591de58331f827f3fda86
MD5 hash:
3e7da85e59416f184a2d6957ec958164
SHA1 hash:
4976d8b5267b06ca7709196a0d4622378338c00f
Link:
https://www.unpac.me/results/2082ffed-7e17-4175-973a-b362fc08c6fe/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8e7a854b4de275147830648894bafc01de9b2952fc7591de58331f827f3fda86

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8e7a854b4de275147830648894bafc01de9b2952fc7591de58331f827f3fda86

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1810779/
Cape
Cape
https://www.capesandbox.com/analysis/208835/

Comments


Avatar
zbet commented on 2021-11-23 23:36:25 UTC

url : hxxp://host-file-host9.com/files/7273_1637506723_4921.exe