MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df61dc2d24f2e475e0a8971c5d21c1c48e9505be67714aafb4afd670aad297e3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 14

SHA256 hash: df61dc2d24f2e475e0a8971c5d21c1c48e9505be67714aafb4afd670aad297e3
SHA3-384 hash: 57ad24f73713fc0630066acd797948994165955efed7dabf7115cdf6d32abb08ded4d23a966b1691053e8967cf6addb1
SHA1 hash: 837fa1865bc36218e075d89111a7c49b36309650
MD5 hash: 2ca608fede7e99d2d6057832b001cca2
humanhash: arizona-robert-georgia-pluto
File name: SecuriteInfo.com.Variant.Tedy.554103.24442.1395
File size: 8'990'360 bytes
First seen: 2024-09-15 12:56:57 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash 1f23f452093b5c1ff091a2f9fb4fa3e9 (274 x GuLoader, 36 x RemcosRAT, 23 x AgentTesla)
ssdeep 196608:gDN9glqFeFV6UaC8INeCsxXNlYg7BRzCwqhmWYR:gDNYuKV6UaC8cep9DDZCwjXR
TLSH T14C96330718515712ECC19335B5A17EB2CDC5B40558BA6A8B1302FCBA363EF9B7CA9B31
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10523/12/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 4a696ddce4f4f261 (26 x Gozi, 9 x AgentTesla, 3 x FFDroider)
Reporter SecuriteInfoCom
Tags: Adware.FusionCore exe signed

Code Signing Certificate

Organisation: Tim Kosse
Issuer: Sectigo RSA Code Signing CA
Algorithm: sha256WithRSAEncryption
Valid from: 2019-02-13T00:00:00Z
Valid to: 2022-02-12T23:59:59Z
Serial number: 5d38d8bd64455068c2d1c74088c5e28a
Intelligence: 2 malware samples on MalwareBazaar are signed with this code signing certificate
Thumbprint Algorithm: SHA256
Thumbprint: b610f81c03fb70632f5f3ff4d3482f3c04a7253c55df8ac8db3b43695ecae771
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence


File Origin
Uploads: 1
Downloads: 366
Origin country: FR

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.9%
Tags: Encryption Execution Generic Infostealer Network Other Ransomware Static Stealth Trojan Dealply

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: installer lolbin microsoft_visual_cc overlay packed shell32 stealer

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family: FusionCore Adware
Verdict: Suspicious

Result
Threat name: n/a
Detection: malicious
Classification: spyw.evad
Score: 51 / 100
Behaviour
Behavior Graph: n/a

Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2019-10-18 02:18:13 UTC
File Type: PE (Exe)
Extracted files: 916
AV detection: 27 of 38 (71.05%)

Threat level: 2/5
Verdict: malicious

Result
Malware family: n/a
Score: 7/10
Tags: discovery spyware stealer
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Loads dropped DLL

Verdict: Suspicious
Tags: n/a
YARA: n/a
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Detect_APT29_WINELOADER_Backdoor
Author: daniyyell
Description: Detects APT29's WINELOADER backdoor variant used in phishing campaigns; this rule also detects bad pdf, shtml, htm and vbs, or maybe more, depending
Reference: https://cloud.google.com/blog/topics/threat-intelligence/apt29-wineloader-german-political-parties

Rule name: Detect_Malicious_VBScript_Base64
Author: daniyyell
Description: Detects malicious VBScript patterns, including Base64 decoding, file operations, and PowerShell.

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: PE_Potentially_Signed_Digital_Certificate
Author: albertzsigovits

Rule name: Sectigo_Code_Signed
Description: Detects code signed by the Sectigo RSA Code Signing CA
Reference: https://bazaar.abuse.ch/export/csv/cscb/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe df61dc2d24f2e475e0a8971c5d21c1c48e9505be67714aafb4afd670aad297e3 (this sample)

Delivery method: Distributed via web download

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings

ID                         Title                                                    Severity
CHECK_DLL_CHARACTERISTICS  Missing dll Security Characteristics (HIGH_ENTROPY_VA)   high

Reviews

ID                   Capabilities                        Evidence
COM_BASE_API         Can Download & Execute components   ole32.dll::CoCreateInstance
SECURITY_BASE_API    Uses Security Base API              ADVAPI32.dll::AdjustTokenPrivileges
                                                         ADVAPI32.dll::SetFileSecurityW
SHELL_API            Manipulates System Shell            SHELL32.dll::ShellExecuteExW
                                                         SHELL32.dll::SHFileOperationW
                                                         SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_API    Can Create Process and Threads      KERNEL32.dll::CreateProcessW
                                                         ADVAPI32.dll::OpenProcessToken
                                                         KERNEL32.dll::CloseHandle
                                                         KERNEL32.dll::CreateThread
WIN_BASE_API         Uses Win Base API                   KERNEL32.dll::LoadLibraryExW
                                                         KERNEL32.dll::GetDiskFreeSpaceW
                                                         KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_API      Can Create Files                    KERNEL32.dll::CopyFileW
                                                         KERNEL32.dll::CreateDirectoryW
                                                         KERNEL32.dll::CreateFileW
                                                         KERNEL32.dll::DeleteFileW
                                                         KERNEL32.dll::MoveFileExW
                                                         KERNEL32.dll::MoveFileW
WIN_BASE_USER_API    Retrieves Account Information       ADVAPI32.dll::LookupPrivilegeValueW
WIN_REG_API          Can Manipulate Windows Registry     ADVAPI32.dll::RegCreateKeyExW
                                                         ADVAPI32.dll::RegDeleteKeyW
                                                         ADVAPI32.dll::RegOpenKeyExW
                                                         ADVAPI32.dll::RegQueryValueExW
                                                         ADVAPI32.dll::RegSetValueExW
WIN_USER_API         Performs GUI Actions                USER32.dll::AppendMenuW
                                                         USER32.dll::EmptyClipboard
                                                         USER32.dll::FindWindowExW
                                                         USER32.dll::OpenClipboard
                                                         USER32.dll::PeekMessageW
                                                         USER32.dll::CreateWindowExW

Comments