MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 7 File information Comments

SHA256 hash:	d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6
SHA3-384 hash:	1ae65345f463928141618959c65d7498743ac10de22ce54a60aeddbd65469de82986ff51041eed953a09f7b425ae356e
SHA1 hash:	69a65e7a28be4f924f5fdf79ea08f050dac760ac
MD5 hash:	b9693b6541a22d01b100b867375279e6
humanhash:	sixteen-harry-fruit-nine
File name:	d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6
Download:	download sample
File size:	233'984 bytes
First seen:	2024-10-10 16:16:50 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	3d3c54a1893ef4ecc2c2c202285b4013
ssdeep	3072:0Xp9xOeXTmPmXvUeqZ0kLnQTN+JNecKPCIdP9VCgs83:07xOgTmPRLZ02QTN+JNvKPCI1b3
Threatray	2 similar samples on MalwareBazaar
TLSH	T190345B6E220B12E5E069C73FC24D0642D3BEBC164722D7EF0635792E1EF76A12E78159
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
File icon (PE):
dhash icon	a2d4cde8b249ccb2 (1 x Lazarus)
Reporter	JAMESWT_WT
Tags:	95-164-17-24 exe

Intelligence

File Origin

# of uploads :

# of downloads :

168

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

FCCCall.exe

Verdict:

No threats detected

Analysis date:

2024-08-12 08:56:11 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9ea3a026-3b19-4306-bedd-1e6ec518c39e

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.12654.11470.UNOFFICIAL

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6707fe02f936b5621b0c587a

Tags:

Nukesped Phonzy Invis

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm beavertail crypto lolbin microsoft_visual_cc packed shell32

Link:

https://www.filescan.io/uploads/6707fe00b5f92be8082e5d7f/reports/e87cf2a5-ae7f-4b1e-9cb9-f71c3bdb067f/overview

Verdict:

Malicious

Labled as:

Trojan_Win32_Phonzy_B_ml

Link:

https://www.hybrid-analysis.com/sample/d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6

Malware family:

Lazarus

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/8ac1a6fd-6f84-428c-afec-c590e844dc2e

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

56 / 100

Link:

https://www.joesandbox.com/analysis/1530956

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

90%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6/

Threat name:

Win64.Trojan.Malgent

Status:

Malicious

First seen:

2024-08-13 02:57:29 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

22 of 38 (57.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2xalrhq57pu7lznsyp3ull4jli3k353s6c3suiqffltn7icfz2ta._file

Verdict:

malicious

Label(s):

beavertail

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/241010-trclhsvbnd/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/48ba78fa-5697-4407-8831-4e4f1922b323

Unpacked files

SH256 hash:

d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6

MD5 hash:

b9693b6541a22d01b100b867375279e6

SHA1 hash:

69a65e7a28be4f924f5fdf79ea08f050dac760ac

Detections:

INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs

Link:

https://www.unpac.me/results/cbd26753-4457-4b5c-b6f1-416c3d2c4d55/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d5c0b89e1dfbe9f5e5b2c3f745af895a36adf772f0b72a22052ae6dfa045cea6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs Create hunting rule
Author:	ditekSHen
Description:	Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Rule name:	Macos_Infostealer_Wallets_8e469ea0 Create hunting rule
Author:	Elastic Security

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Reviews

ID	Capabilities	Evidence
DP_API	Uses DP API	CRYPT32.dll::CryptUnprotectData
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::TerminateProcess KERNEL32.dll::GetStartupInfoW KERNEL32.dll::GetCommandLineW
WIN_BASE_EXEC_API	Can Execute other programs	api-ms-win-crt-runtime-l1-1-0.dll::_get_narrow_winmain_command_line

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample