MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

FinFisher

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954
SHA3-384 hash:	44256eb3dd6f419f833379caeaed69483b9b5a9bf9ece3a0b077af70d10bbfa0ee9d19d65f87d13d7a7c1c6a53d8d912
SHA1 hash:	b22803b204080dcd861e2debadea76cf2fd8b99c
MD5 hash:	31f1d208ee740e1fdf9667b2e525f3d7
humanhash:	bravo-august-high-carolina
File name:	f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954.bin
Download:	download sample
Signature	FinFisher Create hunting rule
File size:	2'738'679 bytes
First seen:	2021-09-28 16:06:10 UTC
Last seen:	2021-09-28 17:08:11 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	00be6e6c4f9e287672c8301b72bdabf3 (116 x RedLineStealer, 70 x AsyncRAT, 55 x AgentTesla)
ssdeep	49152:AVKOBfJXA6rO+24f3TJA5RhU6UK4tNg0ZTw3Km8Igr8bvz1L7lOru5/cTomv/x8:eKOBfKMO+2wTJA5RMaqk3Km8Igr8r1mE
Threatray	6'189 similar samples on MalwareBazaar
TLSH	T1D0C5220D7B8140B2C4920B324871B750EBFC686009F89F4BFB674B689A7B49CE765ED5
File icon (PE):
dhash icon	b3b3b371716b93b3 (25 x CryptOne, 12 x RemcosRAT, 6 x RedLineStealer)
Reporter	Arkbird_SOLG
Tags:	exe FinFisher FinSpy

Intelligence

File Origin

# of uploads :

2

# of downloads :

183

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

1

File name:

f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954.bin

Verdict:

No threats detected

Analysis date:

2021-09-28 16:09:28 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a4cd6eea-af1b-4afd-a6b5-16583fe8a4b8

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Finspy

Link:

https://www.capesandbox.com/analysis/192673/

Detection(s):

SecuriteInfo.com.Trojan.GenericKD.37616900.16835.27086.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Connection attempt

Sending an HTTP POST request

Creating a window

Searching for the window

Malware family:

BlackOasis

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/5a65ecae-4ea8-4ab9-924a-26ceb70d9e1d

Result

Threat name:

Unknown

Detection:

malicious

Classification:

n/a

Score:

54 / 100

Link:

https://www.joesandbox.com/analysis/860024

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954/

Threat name:

Win32.Backdoor.Finfish

Status:

Malicious

First seen:

2019-11-29 19:25:00 UTC

AV detection:

6 of 28 (21.43%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

2d1d2cd3f3cbce923d3db88aa44212210da57e9e032e2ff4a1766fe51ff1255e

5cbafb76c6a0e930414647523ffb4abe9d9ab7f41270ddf4c4ef5d9fd1f39346

6c8131fc986f9477582f43530e0bdc660887285c83360c52e6b68876a57dc9b0

6d915396aa09593693247c54c4a91feea691dc6e5f4ff234791a6193d2b5ac1b

7416875c44dab7adebe7e6809228adabe17c38abae4bf9c6d49c72fd967621e4

8060ecf4c1dc957aefdbfc835361541af83a9e5d6433f5abb073477c59f16e4c

91b886840c7f674d17b48e5d2264228a55fe0f28e32e102c84dad5cca49ed807

b8338eda2c7390860da3bd4a37104b409235131406d9b4d30a78b5d4189cf317

bf375d5c15abb5c57b0cc3371a3537b79560fe82b1aff486afde752e05971ebb

+ 6'179 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/210928-tkjq9acca6/

Behaviour

Modifies Internet Explorer settings

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Unpacked files

SH256 hash:

f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954

MD5 hash:

31f1d208ee740e1fdf9667b2e525f3d7

SHA1 hash:

b22803b204080dcd861e2debadea76cf2fd8b99c

Link:

https://www.unpac.me/results/e1fd4182-018b-4ca5-be4c-92a27d68dc3c/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/f5c245bd4d7eb95f9a2afde8960ef9c9640ad426a8e438b52caca1541b928954

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://securelist.com/finspy-unseen-findings/104322/

Cape

Cape

https://www.capesandbox.com/analysis/192673/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample