MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aeed6f465b742621bf145219db4ca122f2d9986cfc716b03e99afbcbe336a942. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fsysna

Vendor detections: 5

SHA256 hash: aeed6f465b742621bf145219db4ca122f2d9986cfc716b03e99afbcbe336a942
SHA3-384 hash: 147c8bcb19f6d27d0e19256eff0b1a9d9d8c9fc6bde492f46ac1a0fb52ae1a9ac0fc1521c9c93a43c63053c49781f647
SHA1 hash: 3ed50df8be27ad52ee959c530a31a93d0f3e7079
MD5 hash: e715dcea8c5012a51a4a11c508e2c291
humanhash: fanta-white-edward-louisiana
File name: e715dcea8c5012a51a4a11c508e2c291
Signature: Fsysna
File size: 17'455'528 bytes
First seen: 2021-11-22 15:18:49 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7fa974366048f9c551ef45714595665e (946 x Formbook, 398 x Loki, 261 x AgentTesla)
ssdeep: 393216:1NJ6jElMZoCQ9/+o9dfBZK/LELp+rEjQE:1NJQE0oh791KDELp6DE
TLSH: T1730733A95B985EF3C7DAC3321B54E0789D93DA0581D9A473D4E0E233191BB4D882CBBD
dhash icon: fad8dae2f290e4e4 (1 x Fsysna)
Reporter: zbetcheckin
Tags: 32 exe signed

Code Signing Certificate

Organisation: Xiamen Fu Heng Network Co., Ltd
Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1
Algorithm: sha256WithRSAEncryption
Valid from: 2021-11-11T00:00:00Z
Valid to: 2022-11-10T23:59:59Z
Serial number: 08699ad2fddc2ae99f3367193e2a1cb9
Thumbprint Algorithm: SHA256
Thumbprint: f246dab22d96ccf6b1e94508fc2f58224c44bafa8293cd90d0407166665e8638
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads: 1
# of downloads: 129
Origin country: n/a
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: e715dcea8c5012a51a4a11c508e2c291
Verdict: No threats detected
Analysis date: 2021-11-22 15:45:17 UTC
Tags: installer

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating synchronization primitives
Creating a window
DNS request

Verdict: Suspicious
Threat level: 5/10
Confidence: 60%
Tags: overlay packed

Result
Verdict: UNKNOWN
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 52 / 100

Signature
Machine Learning detection for dropped file
Multi AV Scanner detection for submitted file

Threat name: Win32.Trojan.Fsysna
Status: Malicious
First seen: 2021-11-21 01:03:38 UTC
File Type: PE (Exe)
Extracted files: 529
AV detection: 6 of 28 (21.43%)
Threat level: 5/5
Verdict: suspicious

Result
Malware family: n/a
Score: 7/10
Tags: n/a

Behaviour
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
Loads dropped DLL

Unpacked files
SHA256 hash: 8e287326f1cdd5ef2dcd7a72537c68cbe4299ceb1f820707c5820f3aa6d8206c
MD5 hash: 0dc0cc7a6d9db685bf05a7e5f3ea4781
SHA1 hash: 5d8b6268eeec9d8d904bc9d988a4b588b392213f

SHA256 hash: cc29b47a2cf924833e3e78a5985955801235556dd3b489ec9aca8665bcc32355
MD5 hash: f199d14497aef655a20df000e006fda3
SHA1 hash: 1a118b2d8265eab1eba16f466580dbacc6e5e717

SHA256 hash: dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3
MD5 hash: 00a0194c20ee912257df53bfe258ee4a
SHA1 hash: d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256 hash: aeed6f465b742621bf145219db4ca122f2d9986cfc716b03e99afbcbe336a942
MD5 hash: e715dcea8c5012a51a4a11c508e2c291
SHA1 hash: 3ed50df8be27ad52ee959c530a31a93d0f3e7079
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Fsysna: Executable exe aeed6f465b742621bf145219db4ca122f2d9986cfc716b03e99afbcbe336a942 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2021-11-22 15:18:56 UTC

url : hxxp://down.yjhyjl.cn/20211119/yjghost_gw.exe