MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35
SHA3-384 hash: 8b1895850b71975262d3819b65aa130266e5c1400abf13c3b5e53ae78e9a25d298505ffb28e47154e3727c8fa2e55bde
SHA1 hash: 73f42fb6a3ae8b8d226e08ba0a571d9eb22c251f
MD5 hash: ae58df2846bbdd6b5b568e137e5cbf20
humanhash: arkansas-friend-leopard-hot
File name:SecuriteInfo.com.Trojan.GenericKD.77477144.3366.17251
Download: download sample
File size:4'537'024 bytes
First seen:2025-10-05 01:17:05 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 027ea80e8125c6dda271246922d4c3b0 (10 x njrat, 7 x DCRat, 5 x DarkComet)
ssdeep 98304:JXwuBticXWvHfW8kLupS+o2qq3bRgeX+Fn9zbBiRpXR8Uj:Jf6HfVkKNH3bRgeOzZK8Uj
Threatray 120 similar samples on MalwareBazaar
TLSH T14A263350BFD1C4F2E072A136A9A8A656E979BC02573CF7CFB3855D2A26301D01216BF7
TrID 89.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.5% (.EXE) Win64 Executable (generic) (10522/11/4)
2.2% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
1.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
134
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35.exe
Verdict:
No threats detected
Analysis date:
2025-10-03 20:17:30 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f75204ac-04ba-4bb9-9091-7ee5febdb7b6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/30568/
Detection(s):
no reply from clamd
Create hunting rule

Verdict:
Suspicious
Score:
50%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e02f59482d8e84a7ebf4d1
Tags:
injection obfusc spawn
Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for synchronization primitives
Creating a file in the %temp% subdirectories
Enabling the 'hidden' option for files in the %temp% directory
Creating a process from a recently created file
Loading a suspicious library
Creating a window
Searching for the window
Сreating synchronization primitives
Unauthorized injection to a recently created process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
installer microsoft_visual_cc obfuscated packed packer_detected sfx threat
Link:
https://www.filescan.io/uploads/68e1c730c74bd2958b159c5e/reports/40842a54-af62-42c1-9a56-8632766a0832/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_60%
Link:
https://www.hybrid-analysis.com/sample/fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35
Verdict:
Clean
File Type:
exe x32
First seen:
2024-07-29T14:31:00Z UTC
Last seen:
2025-10-04T06:07:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/ef74d9db-66e5-42bc-af80-b6254072e89f
Score:
95%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.00 SOS: 0.23 SOS: 0.25 SOS: 0.30 Win 32 Exe x86
Link:
https://app.malva.re/file/ae58df2846bbdd6b5b568e137e5cbf20
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35
Threat name:
ByteCode-MSIL.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2024-05-12 18:45:53 UTC
File Type:
PE (Exe)
Extracted files:
156
AV detection:
6 of 38 (15.79%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7ldskysc7dssz3zwqnvwfsw7c3w73yrhz4yvqc4kqzcezoszrq2q._file
Verdict:
malicious
Label(s):
unc_loader_051
Create hunting rule
Similar samples:
0494a9fb7d3360da05ce76def600f533d818465fd625ff765cd15cc65a9b2c07
0d852bfcbc49afecc18e426f7d694597966256d55c225a4ae798a7e98200b5ca
11b320bead835f38bc205fb5a99783f0a2a886fbf510a82e71159bc14bbe4163
4f79aa8d648c5a999fb91196040b6b68db284ba1b892217563df71db9ae477f3
51b3d59d59b618ade2fa6c244a0055219e718d32aaacbc61bf7ab964d0059b51
7b4cab32e99bd70b86b128f7379dd6214fa0021dbc2f8e308d30536837308889
8ea2458e1ff6924354036dedcbf1ee6ae2a406c97f984651b1d6ba9309c3a1e7
9df79042b53c89ea13d9ab6640a3f6ad8f63c64fd9d8683378a96ddc0acc225f
bf4824a776c5dfcc7f11732e6595ad84c56ad67f3918f9a3bf2c285cbc6d034c
error
+ 110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/251005-bnkhvatkt6/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/90b0bb18-4f81-464f-951d-4dca010ddd3a
Unpacked files
SH256 hash:
fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35
MD5 hash:
ae58df2846bbdd6b5b568e137e5cbf20
SHA1 hash:
73f42fb6a3ae8b8d226e08ba0a571d9eb22c251f
Link:
https://www.unpac.me/results/5d51277c-7fbe-469a-b5d5-dbd6ba0655b4/
SH256 hash:
ff8a4102c95ac41331b62813a1859697790fc008052da29f28ab695fddc6702b
MD5 hash:
69f76f1c3c92f0ea101feb9ebcb89a9b
SHA1 hash:
96200065031201eec9b40dc87c3ce218049fda26
Link:
https://www.unpac.me/results/5d51277c-7fbe-469a-b5d5-dbd6ba0655b4/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fac7256242f8e52cef36836b62cadf16edfde227cf31580b8a86444cba598c35

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3651201/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/30568/

Comments