MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 adeb04b65678ceff470b8a43e47052775598f1bafda8a023be6ce9a104924c94. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: adeb04b65678ceff470b8a43e47052775598f1bafda8a023be6ce9a104924c94
SHA3-384 hash: 8000198856ae0e2951cad99807e961d83b7db6c0071005696c0fd8e67f84f5a16e304bad3c31113d805c576b9ef7d72b
SHA1 hash: 3e01ab7394e27b66dfb29a58f8d41d97efbcad0f
MD5 hash: 447d61d1afb647d2adfa501962209a90
humanhash: venus-don-friend-steak
File name:CalUser.exe
Download: download sample
File size:513'536 bytes
First seen:2020-08-09 07:28:30 UTC
Last seen:2020-08-09 08:48:50 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a6aaba1275e973b8648f8cd2c0598f11
ssdeep 6144:C7XttNW0/7BkZkqnxJRHfCpiArep+jklh:0Xttw0T6THVAre+jC
Threatray 362 similar samples on MalwareBazaar
TLSH 11B4CFAA34E1C2BED5A751700F71EFBAA2B9F91089738B476394970D1E30D814637736
Reporter Jirehlov
Tags:exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
91
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/42266/
Detection(s):
SecuriteInfo.com.Variant.Graftor.770353.9266.27548.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a custom TCP request
Sending a UDP request
Creating a window
Moving of the original file
Result
Threat name:
Unknown
Detection:
malicious
Classification:
bank.spyw.evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/415940
Signature
Checks if browser processes are running
Contains functionality to capture and log keystrokes
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/adeb04b65678ceff470b8a43e47052775598f1bafda8a023be6ce9a104924c94/
Threat name:
Win32.Backdoor.Farfli
Create hunting rule
Status:
Malicious
First seen:
2020-08-09 07:30:08 UTC
AV detection:
22 of 29 (75.86%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1a64802e01d94712cb6daf8339296b78cf0a7a81251e80937d01d975b31938dc
2a09b87dc4736771c5b8a31a0bb26ab1b27c60b35876094bec0a9c17c7397b31
450f426b4ce996fa470014e739db5382c6ee5b68ee53020c8ad8cac6eda7cd4b
5743c818b5b430cc87f997e52e41cae6a0c07b45435f278f07a23bd4a6d6c4a1
7308b321667d579fbab79329977c8396721f9211be62b99b3abb3ae8e49dbcb4
841b9682f1bcb94cc4c510c2564791004f3d1c26ae764c42c145fe16ab093901
b2e83843f6f749cd0d668b185a660ac34509f690352143dcd8e81215f6c8a299
b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7
e5aa24b17741f0caa3e222f3cf59a6d5d0a9b4786a395700016ca3ec44f4c073
eac8dfb9d6b65232bdf9c1f43aa4b1ef2f7c89fbfdfa328d31252dd3f1104fd0
+ 352 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  5/10
Tags:
persistence
Link:
https://tria.ge/reports/200809-prj4wj5cee/
Behaviour
Checks processor information in registry
Suspicious behavior: RenamesItself
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious behavior: EnumeratesProcesses
Checks processor information in registry
Modifies service
Modifies service
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/42266/

Comments