MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c848d6431e722ea0c6a118439b2aaec84fd9aa3912a7d84fb7fd748c77d33f61. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fuery


Vendor detections: 11



SHA256 hash: c848d6431e722ea0c6a118439b2aaec84fd9aa3912a7d84fb7fd748c77d33f61
SHA3-384 hash: c10cc436d8aa294a04b951f7287cecd874a8dec3b03ba00e00010a654c77f221e056cc0e7a3c470c739dc6807ca2f2ef
SHA1 hash: 58c29e6a2963da290ef66f69eb787bb92f9e74e6
MD5 hash: 81de2aaca8f504a6085b8f5e894be729
humanhash: winter-venus-coffee-fix
File name: file
Signature: Fuery
File size: 326'656 bytes
First seen: 2025-12-27 15:41:52 UTC
Last seen: 2025-12-27 17:19:03 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: b10596a614daeaf025ce254fa50b488b (3 x Fuery, 1 x WallStealer)
ssdeep: 6144:Z61ASP8Jy69RkRI9gIlLk/xl7GgrbnCIR6gyRRZu:4L8DkC9vlLk/tbCIjKPu
TLSH: T1AF64BE42A7FD1155F4F7ABBA6ABA4141893ABD656BB2CADF2080411F0C70BC09DB0777
TrID:
  47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: Bitsight
Tags: dropped-by-amadey exe fbf543 Fuery


Bitsight
url: http://130.12.180.43/files/8233900432/WpawwoG.exe

Intelligence


File Origin
# of uploads: 5
# of downloads: 114
Origin country: US
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: file
Verdict: Malicious activity
Analysis date: 2025-12-27 15:42:39 UTC
Tags: auto-reg smtp loader
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: crypt krypt microsoft_visual_cc packed virus xpack

Verdict: Clean
File Type: exe x32
First seen: 2025-12-27T12:54:00Z UTC
Last seen: 2025-12-27T18:55:00Z UTC
Hits: ~10

Gathering data

Threat name: Win32.Packed.Generic
Status: Suspicious
First seen: 2025-12-27 15:42:16 UTC
File Type: PE (Exe)
Extracted files: 12
AV detection: 15 of 24 (62.50%)
Threat level: 1/5

Result
Malware family:
Score: 10/10
Tags: family:fuery discovery persistence trojan
Behaviour
Suspicious behavior: EnumeratesProcesses
Program crash
System Location Discovery: System Language Discovery
Adds Run key to start application
Loads dropped DLL
Downloads MZ/PE file
Fuery
Fuery family
Malware Config
C2 Extraction:

Verdict: Suspicious
Tags: n/a
YARA: n/a

Unpacked files
SHA256 hash: c848d6431e722ea0c6a118439b2aaec84fd9aa3912a7d84fb7fd748c77d33f61
MD5 hash: 81de2aaca8f504a6085b8f5e894be729
SHA1 hash: 58c29e6a2963da290ef66f69eb787bb92f9e74e6

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fuery

Executable exe c848d6431e722ea0c6a118439b2aaec84fd9aa3912a7d84fb7fd748c77d33f61

(this sample)

  
Dropped by: Amadey
Delivery method: Distributed via web download

Comments