MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efbfaa4b6724b098aa4f0a844f1d4650d330026188a206fdaa266fda181a1e63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: efbfaa4b6724b098aa4f0a844f1d4650d330026188a206fdaa266fda181a1e63
SHA3-384 hash: f2ce360c6418e90816509b2727a0628b6bbacf83636c2ee7fd091347c51ead7ff0b7ff83953593e356117884270851e7
SHA1 hash: b9299410ab95acdbae4153f879fd8c32d00f79f6
MD5 hash: 68a92f9738e1c21181f34a9022fe21a8
humanhash: ten-dakota-fruit-fish
File name:68a92f9738e1c21181f34a9022fe21a8.exe
Download: download sample
File size:3'595'903 bytes
First seen:2022-02-07 14:43:21 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash c284fa365c4442728ac859c0f9ed4dc5 (94 x RedLineStealer, 10 x RaccoonStealer, 8 x CoinMiner)
ssdeep 49152:bMs6Ab1k0qg9A18tglhqJuSwyPTq7I9JLbphGmvy3gqeTuLqz/0LDEQso1NSvEM6:bMs/kk9A18tgqJuS7R9xvkewQ0LLbAdg
Threatray 1'203 similar samples on MalwareBazaar
TLSH T133F533A343FA68B7D580A6391664573430DD5C44AA7E98D1AAB3C2B7B7B1106FC0C3F8
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
111
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/235858/
Detection(s):
PUA.Win.Packer.Asprotect-3
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Searching for the window
DNS request
Sending a custom TCP request
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/620130344077c8b9a01b5d37/reports/40baef28-aa28-48e0-b83a-2e9e812bd4b1/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/1bc9a8cf-545d-428c-b0d4-2e9d4b0ee3ad
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/935426
Behaviour
Behavior Graph:
n/a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/efbfaa4b6724b098aa4f0a844f1d4650d330026188a206fdaa266fda181a1e63/
Threat name:
Win32.Trojan.Fragtor
Create hunting rule
Status:
Malicious
First seen:
2022-02-07 14:44:24 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
29 of 43 (67.44%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2e1c65ba7dcbd574aa70123733a3a6239560de434d0602b693733482555c0b14
360476af17c5cdf83f2e5157d4b22bc72c2ca1be73b7912d3b323a965569fbdb
3b5c0c30f34973d6fd680ef62e168b8af4683a3d7f3efd4bd58bf47e33290352
4951979c61129c8e58a18dfa428d3a0fa872f6b9c28101aa5d12d4c71fa45ced
5017901794c5147a06624b1f03292d87b0dfd6662569ce397fad912369c583b1
65e1b0c6a10c22d7e4c830f9b303df7014da985b3a2eb82d210b84faed8f7d19
7f29e92787b0c1f4146e09aeed12b6ba1689dbf55ff37851d81cd02dbf9e3484
c6c30a8dcab3aebcb959c3ac9d68f26d5905f4a46450e9f1013b0af34a1cc715
cb4bb9e70038e5598d3fca708d5acea48827b91bf5f919345bce27da33bdb5c2
d19c22fa99afdf39746a775736de31f8e39748287ee38f33e9fb3912129991de
+ 1'193 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/220207-r3686adcf3/
Unpacked files
SH256 hash:
efbfaa4b6724b098aa4f0a844f1d4650d330026188a206fdaa266fda181a1e63
MD5 hash:
68a92f9738e1c21181f34a9022fe21a8
SHA1 hash:
b9299410ab95acdbae4153f879fd8c32d00f79f6
Link:
https://www.unpac.me/results/7a8800c6-8afe-4eb7-8446-c247f86651a3/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe efbfaa4b6724b098aa4f0a844f1d4650d330026188a206fdaa266fda181a1e63

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/1997354/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/235858/

Comments