MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 98011c4066f47e8f3628772faeae182566a68c9829eb9206b04115b307c42f5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 98011c4066f47e8f3628772faeae182566a68c9829eb9206b04115b307c42f5a
SHA3-384 hash: d2f108d99464e657304fb0438cd6058d90caca901c7f9522835e9f14ca158e793e65294d114d12b4a268fece76a86687
SHA1 hash: 3afd86d3fb658af0aec8d531a6e0b99245738cf3
MD5 hash: e61ce5b57f208dde9f017c9999951996
humanhash: oranges-lithium-mango-triple
File name:98011c4066f47e8f3628772faeae182566a68c9829eb9206b04115b307c42f5a
Download: download sample
File size:629'760 bytes
First seen:2020-06-16 09:33:17 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef471c0edf1877cd5a881a6a8bf647b9 (74 x Formbook, 33 x Loki, 29 x Loda)
ssdeep 12288:lOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiV1a68owYz9k/Z3iew:lq5TfcdHj4fmbeNdz69w
Threatray 963 similar samples on MalwareBazaar
TLSH BCD4F1D19944E84BD660237981B2FF3D103F9FE0BD26D60205F47DA3BB36A871C9285A
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
56
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/10727/
Detection(s):
PUA.Win.Packer.Upx-48
Create hunting rule

PUA.Win.Packer.Upolyx-12
Create hunting rule

Gathering data
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-06-15 00:53:00 UTC
File Type:
PE (Exe)
Extracted files:
23
AV detection:
29 of 31 (93.55%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
27534ee3bfdbfc3b5bfb4b61237354d3d529822b0b64789528c1a8c2ae455318
4e20252f94c4824e06bfcb274d0deceb6e33b6b09db74c25b029f4972fed8572
4f51da0a7034a3b491bf21d56896d2cc97f5f240911abfaeacfe73d80bd84a34
5c6e6b2ac1dd3b79f6bd5de563d90e9614d75a2f33dbde962dd708242e6eb1b8
63b2df67beaec43492dc1fb48b2a2419b9a04d919c6056d5155d819b28b163f7
782fa714fdc51cee0a898e99f98093833524a280d11dbe52aa74b4e18b37262c
98adc81333513f7dda2e6217243bb0c0f2eb602c50c90702c3742b0ffb010d94
9ac8d9211067d6a7481de6c319a8b1539e60d6b63b4cf8588167fea878b5bbf7
aeae1c78b122bf6a5269858413bcc62e36dde1815b375976e4072e6cb301d7c3
bd49dbc39747130c1e76ad9ce9579a8d4fe5ea95ef5ade5568db2b398c072327
+ 953 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan persistence
Link:
https://tria.ge/reports/200624-7d6mm58p7x/
Behaviour
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Runs net.exe
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Drops file in System32 directory
Suspicious use of SetThreadContext
Modifies service
Checks whether UAC is enabled
Adds Run entry to start application
Disables Task Manager via registry modification
Modifies Windows Firewall
UAC bypass
Windows security bypass
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10727/

Comments