MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1
SHA3-384 hash: 68a10a2df1427df1742c3dd2dab4fd10245137941fd009b53aab507b8ef28ebd232509a845770edc53835066fa76833a
SHA1 hash: de4ce38dd92032b29725e0af37dc7729b889093f
MD5 hash: 6b8a56aaaff3a59d7be12e8a94acf3ff
humanhash: romeo-delaware-may-uniform
File name:6b8a56aaaff3a59d7be12e8a94acf3ff.exe
Download: download sample
File size:1'449'844 bytes
First seen:2023-07-20 07:03:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 91e96141ed5dbe3bc541c8aad7ff3c38 (22 x CryptOne, 7 x njrat, 5 x DCRat)
ssdeep 24576:JLllLl7tEtqOdin2SBRfJNa5YIQbIJ4Ot+BsYY8zGmTka3jEjddoAPGK:hllL8qfnM5YZUt5IGxaITXJ
Threatray 57 similar samples on MalwareBazaar
TLSH T1E96522207AC1C870E47615356AE4AB32BB7ABD31177A4ECB43445E5F8B310E1DE26B63
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4505/5/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
233
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
6b8a56aaaff3a59d7be12e8a94acf3ff.exe
Verdict:
Malicious activity
Analysis date:
2023-07-20 07:04:58 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/c3d0d4f5-5fe5-46b4-926d-205d23ee6c21

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/425785/
Detection(s):
SecuriteInfo.com.Variant.Fugrafa.267521.30514.22927.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
greyware lolbin overlay packed replace setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/64b8dc647a9c6ddebf0bd721/reports/f364aea4-9205-42ea-957e-48608777f5dd/overview
Verdict:
Malicious
Labled as:
Trojan.Agent
Link:
https://www.hybrid-analysis.com/sample/fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/92273ca2-fd8d-453d-a7ea-2e20992c5648
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1276493
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1/
Threat name:
Win32.Trojan.RedLine
Create hunting rule
Status:
Malicious
First seen:
2023-07-19 17:53:46 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
20 of 25 (80.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7kmiiui2gk5zqamgbpek5zod7vai25t7oz3onjkpwztnqp74qlqq._file
Verdict:
malicious
Similar samples:
014e574ce2454214c7aa61d94ebb9be669ead513d2bb60b9fdf527907c088792
22d63c0ca31019e77eb995fed035cac211e6d82e24e6d54105e26adc0c2d0373
278305d714746ff033e5b15a7b93a26ec56fbf9f32a8b0cd036b352667fe8c34
3d46e0a434a318139ea0d258b25d1aeb6675c1221fced184970b0f5e59e76cbd
6aa12fc8b880af7f1ba4edc944be0cc79a0cc4b58adc5439c4263870531b61d2
81c2ce98187e55391b67b181ba9f4e26ff2593bef4a02aefa46fe602b3c48381
9eabc737fcd4b9e3ee124a01cc30943e31d92a64e177be4e096d42b85359fe17
de4cd2e5d0d0969ef21f93c4f33dad620c8383b24d2dd8c361403d69b20178f0
e4c701c10cc4eeceb1e344e31e05eda5683d40ccb39e0b8473d7750227287063
+ 47 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230720-hvxv3sdh3w/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1
MD5 hash:
6b8a56aaaff3a59d7be12e8a94acf3ff
SHA1 hash:
de4ce38dd92032b29725e0af37dc7729b889093f
Link:
https://www.unpac.me/results/9ece30cb-d1e7-4eb2-918c-dd3832712358/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fa9884511a32bb9801860bc8aee5c3fd408d767f7676e6a54fb666d83ffc82e1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2685099/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/425785/

Comments