MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 4 File information Comments

SHA256 hash:	dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce
SHA3-384 hash:	89c466af3618b018b3bf99acd7ea269a0492d0c90400e5723f554ad2a4a379b1169932433601bbdafbedd3a80e092421
SHA1 hash:	71a32e0d99f6d6a36770bf60686c4ac04eb9d70c
MD5 hash:	861c54a22491b35880f4ec629cfd699f
humanhash:	fanta-freddie-stairway-eleven
File name:	SecuriteInfo.com.Win32.Application.Agent.61JFNV.12324.16148
Download:	download sample
File size:	12'800'080 bytes
First seen:	2024-06-04 13:30:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	9dda1a1d1f8a1d13ae0297b47046b26e (64 x Formbook, 39 x GuLoader, 22 x RemcosRAT)
ssdeep	393216:TAJ8PZ1g/3inKFsdoSpsK1RVryLx9FPeN:TAJ8P8/yKF+oSpsKPtux9teN
TLSH	T153D633967A238DA7C8F4E47219F0A59FDAF6F311AEC8944E53994F13705F342842E392
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
File icon (PE):
dhash icon	4a696ddce4f4f261 (26 x Gozi, 9 x AgentTesla, 3 x FFDroider)
Reporter	SecuriteInfoCom
Tags:	exe signed

Code Signing Certificate

Organisation:	Tim Kosse
Issuer:	Sectigo Public Code Signing CA R36
Algorithm:	sha384WithRSAEncryption
Valid from:	2022-02-18T00:00:00Z
Valid to:	2025-02-17T23:59:59Z
Serial number:	31830c370ad7e497633b6eb3a02d69e6
Thumbprint Algorithm:	SHA256
Thumbprint:	ed619a9a79713e12ffb757cf8a51bba89fbb967ec6223c653f1f8932b0e2a25a
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

374

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

https://download.filezilla-project.org/client/FileZilla_3.66.5_win64_sponsored2-setup.exe

Verdict:

Malicious activity

Analysis date:

2024-04-09 08:37:10 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/eb615cec-bdf4-4192-a5b8-2ebeb8c4f6c3

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win32.Application.Agent.61JFNV.12324.16148.UNOFFICIAL

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=665f4221ab69e84d6a2f611cwin7simulatehigh_evasion

Tags:

Credentials Infostealer Stealth Unwanted Putty

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a file in the %temp% directory

Creating a file

Reading critical registry keys

Creating a window

Verdict:

Malicious

Labled as:

Win/grayware_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce

Result

Verdict:

MALICIOUS

Malware family:

FileZilla

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/53aaa25f-6df0-43fa-ac89-dd40348ce27a

Result

Threat name:

n/a

Detection:

suspicious

Classification:

n/a

Score:

26 / 100

Link:

https://www.joesandbox.com/analysis/1415008

Signature

Creates an undocumented autostart registry key

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

64%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3ppius6xdoy7xqcrdtnwk7p677no3ritvjbf7blainjsu7f2n7ha._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

7/10

Tags:

spyware stealer

Link:

https://tria.ge/reports/240604-qsc2wshb61/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Enumerates physical storage devices

Loads dropped DLL

Unpacked files

SH256 hash:

9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

MD5 hash:

4add245d4ba34b04f213409bfe504c07

SHA1 hash:

ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

4913d4cccf84cd0534069107cff3e8e2f427160cad841547db9019310ac86cc7

MD5 hash:

d458b8251443536e4a334147e0170e95

SHA1 hash:

ba8d4d580f1bc0bb2eaa8b9b02ee9e91b8b50fc3

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

MD5 hash:

1d8f01a83ddd259bc339902c1d33c8f1

SHA1 hash:

9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

MD5 hash:

640bff73a5f8e37b202d911e4749b2e9

SHA1 hash:

9588dd7561ab7de3bca392b084bec91f3521c879

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

7c9c04568066571e550bad0e696904227354e339bdf095c879de16e400a176ed

MD5 hash:

722b6461cc52b20c0cbaa1e48362f520

SHA1 hash:

505cb1a0f6dcb8b3f6621afaf9d74aec3dfd23a0

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

110545415a59402635e1c9439acba15b44bab268ed02ad2a262ce12604a47855

MD5 hash:

a8c86996c4230c2209f5927f21321377

SHA1 hash:

45ce0ab93cb6a3a594e54878cce05df724024393

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

2f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08

MD5 hash:

adb29e6b186daa765dc750128649b63d

SHA1 hash:

160cbdc4cb0ac2c142d361df138c537aa7e708c9

Detections:

INDICATOR_TOOL_UAC_NSISUAC

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

Parent samples :

f5f3e5658f8ec6c1e7ffa7e7d6df06d04af1f3a5941206ce23b8be979c60ccb1
6e22c0f2732195063cb4984c6520c3b85e1236e967f8bb05b3c1b35139d2917b
713a497c8da97c2082758fd31147539f408a72b62041c6c9ed77037021621e94
dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce
ac142a8087949b5ad4e3a503ca37609845112c4f7e0cd1376669c9d5c8f5cdf2
15d4dbafb6fb1770507db7769b2df6f3857da0ad3203a71c5f82a99688dac2b3
b96862087581adb9ecfb9615a46eedb29d13c606e708b7b532ce6ed3217925a4
4f2e6dc8e4d8e0dfcc44a28d34c10653bd833abb8832e47e609d255f246c67f0
df61dc2d24f2e475e0a8971c5d21c1c48e9505be67714aafb4afd670aad297e3
60b1aa37a4ac40d5c5adf2de28782976934731408b6c2e89511e1bc5947d5bbd
f7ae58f22cbdeb69318f6cb3ff3757a9888e8731febd66e85ee9938f874705c9
fbfe2108631e3ccaa8db2f5c4439009c7a5a53136481b422236eefe2e48b690f
340b93c76e6f489982a23d2e04df0ad05a03c3d744ecb5badc3c041eca945af2
34a5c9c0106b37687fbdd51a60a026d06e7301ec40b1f7fb49384d8fe748e9e6
503c9fae00b047a77059de8e9ff6dddb6d2584f18ccf6480d69d395c65492ad4

SH256 hash:

f57d4802b66961121b681618f2eda4e08f6205655b0e8f215137a055f41e033e

MD5 hash:

f396bfcae04ef8ebe05491784910e822

SHA1 hash:

b8ab18512697e2a93a0fda917b5ce0da18361b8e

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

ae731d47be35246d9c0f8f6058e635879e4a9df0544917405dd468fd9e57cabb

MD5 hash:

731bb4f91fe8a41bf66c84d98b95309e

SHA1 hash:

e44b46897b421e0be1939c060d436b1d4378f733

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

35cc8b5548b8b5de0f1a55afc515214df9dd109cc5133df686445d82b3ea31db

MD5 hash:

04edcdcdbae273e19e04ad0ab1116834

SHA1 hash:

7ccf4f4652fd71a35ecffdcf8f45d1942dead43d

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

311488e3c21f1b3573bbe049f94d82135bb049a97128c26f2edded9ec6892adf

MD5 hash:

f0814b8ed97027f251cf76403e1a12ce

SHA1 hash:

4db14cc3f41c9ef5f72aa975626a037b03dbfe9c

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

02716be5069a813438bd53a0daf653828eb71461fb8a1d12476f1db21caf909d

MD5 hash:

a0a2a39aa408b3267b89b433958f9b34

SHA1 hash:

f7586e9325471723f8f97b38fad202815b5f3967

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

00cdff6714f939ff105174138eaa40bb82f6ef7b68b7901bf1736dd921fb7eea

MD5 hash:

b9c02046616ea73bc6a98a295025d684

SHA1 hash:

fa6d0f784fb20a8ff0709237cfd46627027f570c

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

SH256 hash:

dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce

MD5 hash:

861c54a22491b35880f4ec629cfd699f

SHA1 hash:

71a32e0d99f6d6a36770bf60686c4ac04eb9d70c

Link:

https://www.unpac.me/results/ade96d03-090f-456e-9aaa-e119bf4de8fa/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	NSIS_April_2024 Create hunting rule
Author:	NDA0N
Description:	Detects NSIS installers

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	PE_Potentially_Signed_Digital_Certificate Create hunting rule
Author:	albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (HIGH_ENTROPY_VA)	high

Reviews

ID	Capabilities	Evidence
COM_BASE_API	Can Download & Execute components	ole32.dll::CoCreateInstance
SECURITY_BASE_API	Uses Security Base API	ADVAPI32.dll::AdjustTokenPrivileges
SHELL_API	Manipulates System Shell	SHELL32.dll::ShellExecuteExW SHELL32.dll::SHFileOperationW SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_API	Can Create Process and Threads	KERNEL32.dll::CreateProcessW ADVAPI32.dll::OpenProcessToken KERNEL32.dll::CloseHandle KERNEL32.dll::CreateThread
WIN_BASE_API	Uses Win Base API	KERNEL32.dll::LoadLibraryExW KERNEL32.dll::GetDiskFreeSpaceW KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_API	Can Create Files	KERNEL32.dll::CopyFileW KERNEL32.dll::CreateDirectoryW KERNEL32.dll::CreateFileW KERNEL32.dll::DeleteFileW KERNEL32.dll::MoveFileW KERNEL32.dll::MoveFileExW
WIN_BASE_USER_API	Retrieves Account Information	ADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_API	Can Manipulate Windows Registry	ADVAPI32.dll::RegCreateKeyExW ADVAPI32.dll::RegDeleteKeyW ADVAPI32.dll::RegOpenKeyExW ADVAPI32.dll::RegQueryValueExW ADVAPI32.dll::RegSetValueExW
WIN_USER_API	Performs GUI Actions	USER32.dll::AppendMenuW USER32.dll::EmptyClipboard USER32.dll::FindWindowExW USER32.dll::OpenClipboard USER32.dll::PeekMessageW USER32.dll::CreateWindowExW

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample