MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de048753f687a726312de3ad7f8f0e05966fdd5207942d4a4a82488ff2936248. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de048753f687a726312de3ad7f8f0e05966fdd5207942d4a4a82488ff2936248
SHA3-384 hash: 2671ccee8f8f2a01d2dc24e3dfc6b9032308d6e414291d06019263b964a6bd3d206f297e0bdccfbad917196fe50e2292
SHA1 hash: 28ae2c9fe6ae8ca1e891d32094e159684363cef1
MD5 hash: 6b699598d9b88107f16ea4977a39dd2c
humanhash: zebra-oven-mango-fillet
File name:6b699598_by_Libranalysis
Download: download sample
File size:237'020 bytes
First seen:2021-05-05 09:03:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef85ed22de7ec9518877dc2b5979f64e
ssdeep 3072:KhS7VD4/EnzzMUD8u8EC45xRS5b7lIf3GYHfqR1hAtTD5DyXglREK0c:dOizzb8uDxZCHlIZgEh5DyXglh
Threatray 1 similar samples on MalwareBazaar
TLSH 7C3412E0ABCBC5E7E5C4253207C7DED8576E4246A946CF46A3F5FABE3C780108E90592
Reporter Libranalysis


Avatar
Libranalysis
Uploaded as part of the sample sharing project

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/150108/
Detection(s):
Win.Worm.A-13
Create hunting rule

PUA.Win.Packer.Asprotect-3
Create hunting rule

PUA.Win.Packer.Aspack-29
Create hunting rule

PUA.Win.Packer.Aspack-30
Create hunting rule

Win.Worm.Fasong-24
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file
Creating a service
Enabling the 'hidden' option for recently created files
Sending a UDP request
Enabling autorun for a service
Enabling autorun with the shell\open\command registry branches
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/de048753f687a726312de3ad7f8f0e05966fdd5207942d4a4a82488ff2936248/
Threat name:
Win32.Worm.Fasong
Create hunting rule
Status:
Malicious
First seen:
2020-05-06 19:46:52 UTC
AV detection:
30 of 31 (96.77%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
03745fbf91cf67f1c079704524ed1b5064fc3e067083e33a9cc1655a3748ee2a
Result
Malware family:
n/a
Score:
  10/10
Tags:
aspackv2 persistence
Link:
https://tria.ge/reports/210505-ct1x2kce3j/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of WriteProcessMemory
Drops file in Program Files directory
Adds Run key to start application
Enumerates connected drives
Loads dropped DLL
ASPack v2.12-2.42
Executes dropped EXE
Modifies system executable filetype association
Unpacked files
SH256 hash:
de048753f687a726312de3ad7f8f0e05966fdd5207942d4a4a82488ff2936248
MD5 hash:
6b699598d9b88107f16ea4977a39dd2c
SHA1 hash:
28ae2c9fe6ae8ca1e891d32094e159684363cef1
Link:
https://www.unpac.me/results/d3839264-2fff-4363-8e07-fadf921b1134/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/de048753f687a726312de3ad7f8f0e05966fdd5207942d4a4a82488ff2936248

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/150108/

Comments