MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402
SHA3-384 hash: 3cd2c28623cbec0ea7c9d6aff6c7f20a7eb2d1db9cd423a7a0bc83f821ac15e3640a9d4d1b4437051f22dc7fa797e4f4
SHA1 hash: a5fb645da178b96eb7a4ed961ea028aa9701833e
MD5 hash: 3a8cecb3973c617dcf0c4d187233bfdc
humanhash: four-quebec-stairway-moon
File name:3a8cecb3973c617dcf0c4d187233bfdc.exe
Download: download sample
File size:524'288 bytes
First seen:2024-12-10 13:06:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 6144:RVrd5kVToxWoLnY+v+a9s3ZVzK2ifMOk6LsZVx18twSb8i8CX/CRsMRrtErQDis4:ndykzvz9s3ZVsS6sp7fClMK4nW
TLSH T130B4DA92650572CFD4DE63B49A37CE91685F47F943200A03AC6DB6BF7DA3C841A46C3A
TrID 52.9% (.EXE) Win32 Executable (generic) (4504/4/1)
23.5% (.EXE) Generic Win/DOS Executable (2002/3)
23.5% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
406
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Win.Packed.Zusy-10036805-0
Create hunting rule

Win.Packed.Zusy-10037550-0
Create hunting rule

Win.Packed.Zusy-10037551-0
Create hunting rule

Win.Packed.Zusy-10037840-0
Create hunting rule

Win.Packed.Zusy-10038404-0
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67583dc348182d168557d38b
Tags:
shellcode corrupt virus
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
overlay packed packed packer_detected
Link:
https://www.filescan.io/uploads/67583d0508cfeeff58313521/reports/73628cea-3543-47ec-ba21-6d7f10e716c6/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
FRAPS
Create hunting rule
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c4c68430-bb81-452e-add1-29dd7ea730fc
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1572382
Signature
AI detected suspicious sample
Machine Learning detection for sample
Multi AV Scanner detection for submitted file
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6lofatddezuvftenkwusuio532txuxvs25anpit7vdglgbejwqba._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241210-qcm7xswlg1/
Verdict:
Malicious
Tags:
Win.Packed.Zusy-10036805-0
YARA:
n/a
Link:
https://app.threat.zone/submission/19b0c89d-df4c-400a-895a-7ca071904f51
Unpacked files
SH256 hash:
f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402
MD5 hash:
3a8cecb3973c617dcf0c4d187233bfdc
SHA1 hash:
a5fb645da178b96eb7a4ed961ea028aa9701833e
Link:
https://www.unpac.me/results/eacb0694-122b-4123-ae62-46f243c93d8f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f2dc504c63266952cc8d55a92a21dddea77a5eb2d740d7a27fa8ccb30489b402

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3337980/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (NX_COMPAT)high
CHECK_NXMissing Non-Executable Memory Protectioncritical

Comments