MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dfb623130e2f62ddd28a5b9914f898e539d31507d4a2bdbe6b60fc6d23f6dec2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: dfb623130e2f62ddd28a5b9914f898e539d31507d4a2bdbe6b60fc6d23f6dec2
SHA3-384 hash: 5b59a1251f77fdb27791cac7c7b0d36e91479e964d36bddcd673606ed81b75dce7a550ed8a78ade4367d25a328b0dde9
SHA1 hash: 7e3239ad22d845a76317a3be40971a957c1f6562
MD5 hash: f55674f7ad33caa4bf4377703635a560
humanhash: sink-asparagus-mississippi-georgia
File name:f55674f7ad33caa4bf4377703635a560
Download: download sample
File size:1'089'486 bytes
First seen:2021-07-06 19:23:44 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9ad22365520b11a0847833f100aa3244
ssdeep 24576:3IJla39cGH0dc4sOlQCzA1abH9RKP3QUxq8mB:Alq9ih2sQaL9RKP3q
Threatray 6 similar samples on MalwareBazaar
TLSH 8635E011F7914878D076C434CA638613DAB2B8DA0FA4EADF239492691F777E45B3E720
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
136
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
f55674f7ad33caa4bf4377703635a560
Verdict:
Suspicious activity
Analysis date:
2021-07-06 19:26:09 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/217d1ea3-afb9-460e-8ef3-776520c94d3c

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/170071/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.12380.32234.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ce62381e-54b0-4d34-bded-08b5dbff2f95
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/812541
Signature
Creates processes via WMI
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 444952 Sample: YfVFUCA5Cn Startdate: 06/07/2021 Architecture: WINDOWS Score: 60 23 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->23 25 Multi AV Scanner detection for submitted file 2->25 7 YfVFUCA5Cn.exe 2 2->7         started        process3 signatures4 27 Creates processes via WMI 7->27 10 YfVFUCA5Cn.exe 5 7->10         started        13 conhost.exe 7->13         started        process5 file6 17 C:\Users\user\AppData\Local\Temp\axhub.dll, PE32 10->17 dropped 19 C:\Users\user\AppData\Local\Temp\libEGL.dll, PE32+ 10->19 dropped 21 C:\Users\user\...\eventlog_provider.dll, PE32+ 10->21 dropped 15 conhost.exe 10->15         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/dfb623130e2f62ddd28a5b9914f898e539d31507d4a2bdbe6b60fc6d23f6dec2/
Threat name:
Win32.Trojan.Fugrafa
Create hunting rule
Status:
Malicious
First seen:
2021-07-06 15:38:52 UTC
AV detection:
11 of 29 (37.93%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
361dc084efc29ddc0a837710fc28a872389e3a61413e5c82fcbefc1906c7b29f
a6e2d6db4f376331a5a38448eaaff714a6283e40b7560cb197c767cdc9da7095
a8453c683bababb0d92e62bd37a77763688d25582a10caf19f9c4d069e0c3c3a
a896d938f2ec1a5384aa5f1b1d73c4141fc601e824972c60b6634bc9b1e7c1a0
add3d9d0cc55330be20a344067c55a2e3f601c300458bfa66c1fa64773af967c
fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210706-vqdk2rz3j2/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Unpacked files
SH256 hash:
e7ea471d02218191b90911b15cc9991eab28a1047a914c784966ecd182bd499c
MD5 hash:
7f7c75db900d8b8cd21c7a93721a6142
SHA1 hash:
c8b86e62a8479a4e6b958d2917c60dccef8c033f
Link:
https://www.unpac.me/results/d8df44ec-9df9-42ec-a9ac-c92e57b99709/
SH256 hash:
dfb623130e2f62ddd28a5b9914f898e539d31507d4a2bdbe6b60fc6d23f6dec2
MD5 hash:
f55674f7ad33caa4bf4377703635a560
SHA1 hash:
7e3239ad22d845a76317a3be40971a957c1f6562
Link:
https://www.unpac.me/results/d8df44ec-9df9-42ec-a9ac-c92e57b99709/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/dfb623130e2f62ddd28a5b9914f898e539d31507d4a2bdbe6b60fc6d23f6dec2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe dfb623130e2f62ddd28a5b9914f898e539d31507d4a2bdbe6b60fc6d23f6dec2

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1431649/
Cape
Cape
https://www.capesandbox.com/analysis/170071/

Comments


Avatar
zbet commented on 2021-07-06 19:23:46 UTC

url : hxxp://b.xyzgame.cc/userf/29/75ea29fa298dc771e62cf0500e3c0a1d.exe