MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d604903287f043c86d6f3bccf233aa78ae2bd02f15b3c9c10748c318196fbf5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Fuery


Vendor detections: 11



SHA256 hash: d604903287f043c86d6f3bccf233aa78ae2bd02f15b3c9c10748c318196fbf5a
SHA3-384 hash: ca4d2a7dedb2c702cc107c2f8c6de647b548d13fbd0a7711a2c9f40230b9d4757aee8bc5a37a710ae96b1b444efde0d6
SHA1 hash: bba8d93e6892000408e2ac25d9413b053587fcae
MD5 hash: 34c0f4b807c1f0824c7af15f0f204538
humanhash: mirror-undress-steak-april
File name: file
Signature Fuery
File size: 299'520 bytes
First seen: 2026-01-19 12:54:51 UTC
Last seen: 2026-01-19 14:30:16 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash b10596a614daeaf025ce254fa50b488b (2 x Fuery, 1 x WallStealer)
ssdeep 6144:q++EixYAs4x93zshR2xjqlNGOCvsdVqtwwNUKzfGPxL:sEixYABhshR2FHOCvsdVh0fG
TLSH T17154F081ABFD2051F2B39FB519F54526897AB899AF71CACF0581920F0931FD08CB17A7
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter Bitsight
Tags: dropped-by-amadey exe fbf543 Fuery


Bitsight
url: http://130.12.180.43/files/8233900432/s0JNrXB.exe

Intelligence


File Origin
# of uploads :
14
# of downloads :
104
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2026-01-19 12:56:33 UTC
Tags:
auto-reg loader

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
92.5%
Tags:
ransomware delphi hype
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
crypt evasive expand krypt lolbin microsoft_visual_cc packed xpack zaccess
Result
Gathering data
Verdict:
Malicious
File Type:
exe x32
Detections:
HEUR:Trojan.Win32.Agent.gen
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Gathering data
Result
Malware family:
Score:
  10/10
Tags:
family:fuery discovery persistence trojan
Behaviour
Program crash
System Location Discovery: System Language Discovery
Adds Run key to start application
Downloads MZ/PE file
Fuery
Fuery family
Malware Config
C2 Extraction:
Unpacked files
SHA256 hash:
d604903287f043c86d6f3bccf233aa78ae2bd02f15b3c9c10748c318196fbf5a
MD5 hash:
34c0f4b807c1f0824c7af15f0f204538
SHA1 hash:
bba8d93e6892000408e2ac25d9413b053587fcae
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fuery

Executable exe d604903287f043c86d6f3bccf233aa78ae2bd02f15b3c9c10748c318196fbf5a

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
