MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f3b754bb24971b9f3cf0f9bea282ff88ce1d4ef6f93574cb030242849b96fb29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 2 File information Comments

SHA256 hash:	f3b754bb24971b9f3cf0f9bea282ff88ce1d4ef6f93574cb030242849b96fb29
SHA3-384 hash:	6a1356a2fc9f2c18eb46f952011656fab1cf33b7ff320efc5a1ac712ad3d770b0e3c1493df1ce02bb5492b7658cba50b
SHA1 hash:	26c86c2ba8c330c15feaf8239e6cab9b6d0fb175
MD5 hash:	77738c9b272dfac227cb3d73acb16681
humanhash:	nineteen-tennis-blue-blue
File name:	77738c9b272dfac227cb3d73acb16681.exe
Download:	download sample
File size:	7'110'656 bytes
First seen:	2023-01-15 14:32:46 UTC
Last seen:	2023-01-15 16:37:07 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	419fc7019f5b3c0af2e7a66bd0e1a464
ssdeep	98304:3q5PGrEMATkU62GSCmuTRvLVUcwZMkFxtMkFx+MkFxGMkFx1MkFxyMkFxmMkFxyv:3twyzzZwvoMjkI0JVf
Threatray	149 similar samples on MalwareBazaar
TLSH	T1DA66CF13F201C476D13D197064B693396A35EEB60E288A87F7D4FEBD6D336718A6220D
TrID	33.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 17.6% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 14.0% (.SCR) Windows screen saver (13097/50/3) 11.2% (.EXE) Win64 Executable (generic) (10523/12/4) 7.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
File icon (PE):
dhash icon	69ccebaaaab2cc69
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

183

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

77738c9b272dfac227cb3d73acb16681.exe

Verdict:

No threats detected

Analysis date:

2023-01-15 14:41:27 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a7325887-3659-4622-bdec-66a443de64a6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/353127/

Detection(s):

SecuriteInfo.com.Variant.Fragtor.193051.25950.21393.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

6/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/60469/overview

Behaviour

MalwareBazaar

CursorPosition

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm banload blackhole coinminer flystudio greyware keylogger packed shell32.dll update.exe

Link:

https://www.filescan.io/uploads/63c40ea2d392ce333bdfba2e/reports/9b7cfef6-6fc2-48d7-96e4-3e35948992b8/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Generic Malware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5f56f420-5f05-4026-9819-100654b2330f

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

76 / 100

Link:

https://www.joesandbox.com/analysis/1151938

Signature

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Machine Learning detection for sample

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f3b754bb24971b9f3cf0f9bea282ff88ce1d4ef6f93574cb030242849b96fb29/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2023-01-14 15:26:03 UTC

File Type:

PE (Exe)

Extracted files:

144

AV detection:

21 of 26 (80.77%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=6o3vjozes4nz6phq7g7kfax7rdhb2txw7e2xjsydajbijg4w7muq._file

Verdict:

malicious

149741274dbc5dc82d83766d39bcfb918f8ac5757e0002b1ab5c56f6e6648074

37d8e1ce3b6e6488942717aa78cb54785edc985143bcc8d9ba9f42d73a3dbd7a

4c19c15867d67267bd79c9304bcdfb4ddb894b4d79cf6e127ba4336ad67ba884

638d840d131eda4e2af96e320cebb35c9b3c660c94faa8f74d239daa1e2d3810

7b4cf9f048c369e0c4c26cb10eea84b05c255c85267488b55bf8c01c8b324b62

9060657f35eb689bb66161775fd786d3b9f1f9eb11ab8c65cd3c1eb2b372466d

a0ce738eba1a792b2746c50081ebb84a4f7054ee5f3b1a9651d5d385615eb933

bd0d884649509aece899372e0bea6f6dbe833b463e35206753dae69a0bc60632

+ 139 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/230115-rwvlsafh96/

Behaviour

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Program crash

Unpacked files

SH256 hash:

f3b754bb24971b9f3cf0f9bea282ff88ce1d4ef6f93574cb030242849b96fb29

MD5 hash:

77738c9b272dfac227cb3d73acb16681

SHA1 hash:

26c86c2ba8c330c15feaf8239e6cab9b6d0fb175

Link:

https://www.unpac.me/results/8940d21e-60f4-4c0b-9486-9cc44c5e2da4/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/f3b754bb24971b9f3cf0f9bea282ff88ce1d4ef6f93574cb030242849b96fb29

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	without_attachments Create hunting rule
Author:	Antonio Sanchez <asanchez@hispasec.com>
Description:	Rule to detect the no presence of any attachment
Reference:	http://laboratorio.blogs.hispasec.com/

Rule name:	with_urls Create hunting rule
Author:	Antonio Sanchez <asanchez@hispasec.com>
Description:	Rule to detect the presence of an or several urls
Reference:	http://laboratorio.blogs.hispasec.com/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe f3b754bb24971b9f3cf0f9bea282ff88ce1d4ef6f93574cb030242849b96fb29

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2431574/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/353127/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample