MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 accafbac6570976cee357e8e24306a3bfc436da82533d8d3f13b29344c6e313a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: accafbac6570976cee357e8e24306a3bfc436da82533d8d3f13b29344c6e313a
SHA3-384 hash: 9efd4377e7d224162f54ea9794621f390bd35b8dee17f72d2ea69ab9b4f987d71172c5ff491758e2ed91d9695538c081
SHA1 hash: 9f5341b9516a064267ae19eaed093c4084b55a1c
MD5 hash: 4b0a17ae8015965479306887d4b44787
humanhash: three-jupiter-island-zebra
File name:点‍击安‍装纸‍飞‍机-简‍体中文语言包 (10).com
Download: download sample
File size:2'428'416 bytes
First seen:2022-05-16 12:58:19 UTC
Last seen:2022-05-16 13:46:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 493871f0784d0d733e68b5dfb4b3e7a2
ssdeep 49152:r/jOkAqm6hQ6Git2qa4wQtv7DpcMAtKqi+DxE4evRWAcc3/6yROYC/xjU/TbZgmi:+kAqm6Vl3a4wQtDDpcMAtKqi+QRWARvq
Threatray 14 similar samples on MalwareBazaar
TLSH T1EFB5AF313A90D8BAC9232570854EA7BCA3EDBF305AB652C356503F393B75592482C77B
TrID 54.4% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
18.3% (.EXE) Win64 Executable (generic) (10523/12/4)
8.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.8% (.EXE) Win32 Executable (generic) (4505/5/1)
3.5% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter obfusor
Tags:exe Farfli RAT

Intelligence

File Origin
# of uploads :
5
# of downloads :
225
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/271132/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a window
Creating a file in the %AppData% subdirectories
Changing a file
Launching a service
Sending a custom TCP request
Sending a UDP request
Launching a process
Creating a file
Creating a process from a recently created file
Creating a process with a hidden window
DNS request
Sending an HTTP POST request
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Malware family:
n/a
Score:
  9/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/18022/overview
Behaviour
MalwareBazaar
MeasuringTime
SystemUptime
CheckScreenResolution
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
control.exe greyware keylogger packed shell32.dll
Link:
https://www.filescan.io/uploads/62824aa3fd71ca8b2ee54c7f/reports/f9e2f19d-23ec-4b73-9ee6-dbc2091e132a/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/55ba34a2-99ec-4dcb-a3c1-44eb0ec88eb9
Result
Threat name:
Unknown
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/995115
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/accafbac6570976cee357e8e24306a3bfc436da82533d8d3f13b29344c6e313a/
Threat name:
Win32.Trojan.Bingoml
Create hunting rule
Status:
Malicious
First seen:
2022-05-16 12:58:41 UTC
File Type:
PE (Exe)
Extracted files:
85
AV detection:
14 of 26 (53.85%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1bfa8af4b51d9fc54d4baa49df27116f44ce269da9123625c1f2ba17289ea2cd
2b7e4e5758699f924f50615e8fe48e13bf428d7aa1fcbfb2ed4f64a0fd6a8f93
2cd18c340d412d1c09215c828190621ce558d8ea43ba0ad28e3365ff0619fe8b
4248e3a85f2ba76bb7757f263937e9e4f1bc1a26c3287464d146a96667a13e3a
8d5cb3f9c6a203c575b84080268c623a4483a5c701e8930fe0bc6f6b00acadb6
92fa1be9945e7097b6eabe9ef9ce9dbe8d23c296d7df68da48b4d2a88ce8d22a
a19c6e51982be4a38ee1a1e99e51043b8aa3988f40b05ec7b10bd0e96962dc66
ab2b30ab80cc9b916fa2885d0e223ff2b8a0ed619a0cdf795f5ca2f967d76837
+ 4 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220516-p724wscdg2/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Unpacked files
SH256 hash:
accafbac6570976cee357e8e24306a3bfc436da82533d8d3f13b29344c6e313a
MD5 hash:
4b0a17ae8015965479306887d4b44787
SHA1 hash:
9f5341b9516a064267ae19eaed093c4084b55a1c
Link:
https://www.unpac.me/results/4487f9da-5163-402f-8a91-8de9d5bb38d5/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/accafbac6570976cee357e8e24306a3bfc436da82533d8d3f13b29344c6e313a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/271132/

Comments