MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 efcc68db0a86c354b9d0fbb797692eb006116fd7e5277e4cabbee6a654e9e394. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	efcc68db0a86c354b9d0fbb797692eb006116fd7e5277e4cabbee6a654e9e394
SHA3-384 hash:	f8fa1fd1da82d96e5ce3807397b2b6cd46961165b10dc48629a7b336e83a3700c0bb9adbfc22c042c5b2fbe8f6d86280
SHA1 hash:	7001aca73dec9c7021f2461dddb5e1c59fbad705
MD5 hash:	5b2e6d9ed84cacb7c1e8d1b1d90214a3
humanhash:	minnesota-finch-hotel-november
File name:	SecuriteInfo.com.Variant.Zusy.445327.6800.30147
Download:	download sample
File size:	131'072 bytes
First seen:	2022-12-18 13:28:47 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e85508dfe798dc480467052fa273374d
ssdeep	1536:dKxc4RtWJO//IFKnRkfJg29k0SBfN1XLqs8KMBC2iaCD2xenYT8Ji1dytJivnSq+:8l/QHSBfnLh8fU2zq5JinzcmU5Go
Threatray	9 similar samples on MalwareBazaar
TLSH	T173D36C2471D0C272D915107647A6CF71493A7C382E129ECB6FC90AF50F79DE6DB2A38A
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10523/12/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

165

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

SecuriteInfo.com.Variant.Zusy.445327.6800.30147

Verdict:

No threats detected

Analysis date:

2022-12-18 13:31:04 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/5dc194ef-bbf9-4fd6-a3b1-fa35f956648a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/347609/

Detection(s):

SecuriteInfo.com.Variant.Zusy.445327.6800.30147.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Verdict:

No Threat

Threat level:

2/10

Confidence:

100%

Tags:

greyware shell32.dll

Link:

https://www.filescan.io/uploads/639f159f69a7dbdd1d8a2241/reports/ecf43fcb-f63a-4946-8b85-6c2018148839/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/8f23d52e-4a13-45c1-b51e-ec61bad2e1e5

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1136569

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/efcc68db0a86c354b9d0fbb797692eb006116fd7e5277e4cabbee6a654e9e394/

Threat name:

Win32.Trojan.FormBook

Status:

Malicious

First seen:

2022-12-18 11:06:13 UTC

File Type:

PE (Exe)

AV detection:

18 of 26 (69.23%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=57ggrwykq3bvjooq7o3zo2jowadbc36x4utx4tflx3tkmvhj4oka._file

Verdict:

malicious

Similar samples:

2846ca6292a8d985cc30fd1a8b6cd626da21f2dd6e4b3138229a1ada9f2f79b9

78209b6f468f6077142e45f3a21806bd36c47897d63124439b85d73aeffd028b

889c2ec3e88c2a47de4bcc6d88cb74d21a01088330fb240788c81968ba16155b

8beb70d99ea56763a805fe4152ad7c1ad8237c67fa8c27bd4fad4d1ee265e46a

e736927372d65401306e5deda3e516c24a1f52641862034847218d3923993ed3

ebbad6fe23e96ccf9e5667e59d87dab75add4b9c6bb5340b5143b1c0eb3db1a3

f69d7601134fb94a23b3273ed59c85bd5b7847f612e878f1b5c0471e0fb6e7ee

fb27645c5ba18a9e7e61876df54e4220c89cfdea419892dc08c32a9a7fe9b443

ffda7e756dd083ce87c1dc9b9160e8223731dc35cdbf398415e8f1d8c38f9365

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/221218-qq8e1seh71/

Behaviour

Suspicious use of WriteProcessMemory

Program crash

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/52242a54-6adf-4a26-a886-5e8ad26af125

Unpacked files

SH256 hash:

efcc68db0a86c354b9d0fbb797692eb006116fd7e5277e4cabbee6a654e9e394

MD5 hash:

5b2e6d9ed84cacb7c1e8d1b1d90214a3

SHA1 hash:

7001aca73dec9c7021f2461dddb5e1c59fbad705

Link:

https://www.unpac.me/results/3b4a1426-23b5-4f8a-9339-acfa85d84f3e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/efcc68db0a86c354b9d0fbb797692eb006116fd7e5277e4cabbee6a654e9e394

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

Cape

https://www.capesandbox.com/analysis/347609/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample