MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f854fcbb551c3263588a5bab749800ac92b994ab159c385a224962c44e6fec0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f854fcbb551c3263588a5bab749800ac92b994ab159c385a224962c44e6fec0e
SHA3-384 hash: d2430c76c613faa70fda3e0884c4259b757200984ae79fb3f8aa23aec099fb0ccbc53aba03ace675fabba255601fd4b6
SHA1 hash: 52b4599dcdec04ca12d4c7e84c1234a8945277ee
MD5 hash: 3f3ba024d3f8912be5c5b72bd21d3721
humanhash: whiskey-illinois-zulu-autumn
File name:3f3ba024d3f8912be5c5b72bd21d3721
Download: download sample
File size:9'035'511 bytes
First seen:2021-11-21 11:27:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b4070734502a100c8f90bbd445995533 (11 x CryptOne, 5 x DCRat, 2 x njrat)
ssdeep 196608:YdAfFCoICIdLIa1WniGSH/dGI42EolTelpp9ThtikzEQgYKYf:Y6bICSLIa1wAH/dGI4baTep9hskzwG
Threatray 1'039 similar samples on MalwareBazaar
TLSH T178963323569069B1C0911CB6497ADE7098BEFE10AB27D8EF43D12DABFD3C9D2497C244
File icon (PE):PE icon
dhash icon 0000000000000000 (872 x AgentTesla, 496 x Formbook, 296 x RedLineStealer)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
93
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3f3ba024d3f8912be5c5b72bd21d3721
Verdict:
Malicious activity
Analysis date:
2021-11-21 11:28:18 UTC
Tags:
trojan
Link:
https://app.any.run/tasks/146789d4-edd3-43ab-a9a9-dac754c18599

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.PWS.Siggen3.5557.28569.25178.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Searching for the window
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file
Creating a process from a recently created file
DNS request
Sending an HTTP GET request
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a recently created process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware meterpreter overlay packed
Link:
https://www.filescan.io/uploads/619a2d4594a88037d2fc5798/reports/545113cc-2932-483b-ba66-aeceb57c5c61/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/85abd276-171f-47eb-85e6-258fe6cfe778
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/893276
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f854fcbb551c3263588a5bab749800ac92b994ab159c385a224962c44e6fec0e/
Threat name:
ByteCode-MSIL.Trojan.Zilla
Create hunting rule
Status:
Malicious
First seen:
2021-11-15 22:01:11 UTC
AV detection:
17 of 27 (62.96%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
1a3736d0a59836c3feecb448a77c4ab269dbd29df9de58ef81070129e248eb6c
3b28cef3fbfcc3a04ec60110dc57b789425a4bab6b7be57e20b7bbd08783e043
41f7f900d07f07c3f6d9d8aba51633b84766f7afe166505ac25a1bc5854f5f4a
4f21ab65d432de2cf873d496e6a54514e12c62f4cc12623cab84f001b7380cb2
6112f44b8cf74d6b41fce94eb324b518c2cc3051a7aee076c904735ec8d34365
6208bcf39112f17ddce04ccc8eafa989009cf857f9adac40345dadd8863a0850
a5a4d88e2fe16d319aef6f7550ca2379d253a943d467dedc21e7ea3deb19410e
a75a498d8ec7bf58a12c07fac6ad98c5581a422cca03fa3ca87b01677f37247e
aa5e9ff271143c3cd205988c3100f1bb844d70d2930f04a2b2002e9c0951a74e
ce231785f06d7c6b33b20dded67b62f759ec23b23bee89b01fcb00953f7028c9
+ 1'029 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/211121-nk1rwaggf9/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
71f615d7a9ea898101eea14c63bd897c9c0333af6650104aa45a0033714d5f76
MD5 hash:
ee863bcd408982a5c00e2c91776810e8
SHA1 hash:
b474f3165d37733b886cea7031c0e8f5ca8ede29
Link:
https://www.unpac.me/results/44742566-6346-4e4a-9a8a-499a057a3331/
SH256 hash:
e3d8de68ec316c3b1601b48fa6180ce75f3024575b81b1fbbf0004689d2f698f
MD5 hash:
8ffd0e5acbeb1203b3c90349faaf7bbf
SHA1 hash:
69247cdbbcf718ce0a2e1d97d1cd6790c07ea64a
Link:
https://www.unpac.me/results/44742566-6346-4e4a-9a8a-499a057a3331/
SH256 hash:
f854fcbb551c3263588a5bab749800ac92b994ab159c385a224962c44e6fec0e
MD5 hash:
3f3ba024d3f8912be5c5b72bd21d3721
SHA1 hash:
52b4599dcdec04ca12d4c7e84c1234a8945277ee
Link:
https://www.unpac.me/results/44742566-6346-4e4a-9a8a-499a057a3331/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/f854fcbb551c3263588a5bab749800ac92b994ab159c385a224962c44e6fec0e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f854fcbb551c3263588a5bab749800ac92b994ab159c385a224962c44e6fec0e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1803133/
Cape
Cape
https://www.capesandbox.com/analysis/207886/

Comments


Avatar
zbet commented on 2021-11-21 11:27:36 UTC

url : hxxp://freegdz.ml/reaper.exe