MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a415be3007323e2f44f88d02d2a7c5225ae795235d57aba13fa5057ff6acab61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a415be3007323e2f44f88d02d2a7c5225ae795235d57aba13fa5057ff6acab61
SHA3-384 hash: 4292529c71cf2fa7a1786d108643f58b7a5de04db59ba80933364c77356ee955a60dadccb5f67cdcd093bff42f13bcb3
SHA1 hash: 2c28bbd8a43ecf165238548671168aa3112fcca0
MD5 hash: df4540f99bf5f1e94cb32171eccb57a2
humanhash: bulldog-october-asparagus-kentucky
File name:SecuriteInfo.com.Fareit-FVUDF4540F99BF5.29830
Download: download sample
File size:520'192 bytes
First seen:2020-07-06 19:08:02 UTC
Last seen:2020-08-02 07:34:36 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'663 x AgentTesla, 19'478 x Formbook, 12'208 x SnakeKeylogger)
ssdeep 6144:N8obY/OKKdAsKmc94luQUQ0XLMJssFoZlgaD/RRisY:N8obY/O0BH94jUpUoZiaDX6
Threatray 73 similar samples on MalwareBazaar
TLSH 4CB41D221D548461FD481230D0E12B0B266B9DEF3DC07A47B189BBE79F19E4C7BB4A9D
Reporter SecuriteInfoCom

Intelligence

File Origin
# of uploads :
4
# of downloads :
80
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/21791/
Detection(s):
SecuriteInfo.com.Fareit-FVUDF4540F99BF5.29830.UNOFFICIAL
Create hunting rule

PUA.Win.Downloader.Aiis-6803892-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
DNS request
Using the Windows Management Instrumentation requests
Creating a window
Reading Telegram data
Reading critical registry keys
Sending a TCP request to an infection source
Stealing user critical data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a415be3007323e2f44f88d02d2a7c5225ae795235d57aba13fa5057ff6acab61/
Threat name:
ByteCode-MSIL.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2020-07-06 19:09:04 UTC
AV detection:
23 of 29 (79.31%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
14fe0fa7e16253e53ce4c25616e08006ad09330bea8df9161a47b2815cd83067
1ca0fa0599ad3337700cfe55be2f6d0462a7e4301f8ccfdd87167a66754e7e71
24c871a763e208ba82f7ce7df48fea42c962214954181dc72f17c9112cc74c5e
2cba7569fc0d1b991734fdc617a03fe425edeff12546d81702254404b0bf33ab
2f20f6a816d2c508c63f687abd5ce8cbda2e3c262254188a0025b56928408eee
38ee6bea62658ae4fa75914261a5848a8db5b332ddfb52daf01e958871559e15
bc73cd93e40c3f14501d016a393f95d4a481a5a7d2fbbf99a6dc5e2b88156885
df54c4cf12eb9ff00568d4936f2c55a3193f6726b1a7f59c78a88a6f06488dbd
e5093e304a50d34cdf67ee8e49713c6131d6740e664ea49d9c98682336e3141a
e987d7cfccfc0718988a08971314cc56c07be7ff1985dd64d70165c7850b4b66
+ 63 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware
Link:
https://tria.ge/reports/200706-pmbde7wqt2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
Checks for installed software on the system
Checks for installed software on the system
Reads user/profile data of web browsers
Loads dropped DLL
Reads user/profile data of web browsers
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a415be3007323e2f44f88d02d2a7c5225ae795235d57aba13fa5057ff6acab61

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/408183/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/21791/

Comments