MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb0c9d69107869c43801436bc334dfc6c30869ba6b83bcb3dfb68f1e0856df75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: fb0c9d69107869c43801436bc334dfc6c30869ba6b83bcb3dfb68f1e0856df75
SHA3-384 hash: 15a5462cf4f40e07ef563ef0c240072bd23585427d3311fa82ec5d84f7a2e52ecbcd6aed234e2ad1d2ffc85fe7228bf3
SHA1 hash: f3c6280952e979d9373275cc2de666102ed5bcd3
MD5 hash: 445a1ecdf18634aa217fdc8b2b1e5514
humanhash: single-zulu-zulu-aspen
File name: Setup(German).exe
File size: 29'986'816 bytes
First seen: 2021-05-11 08:46:08 UTC
Last seen: 2021-05-11 09:57:49 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 79f21fab893932007e377cdaa67dbe0f
ssdeep: 786432:0s7ArAist3aWAyTNKbi7y5kwCAyJR1tGT:0FkXFahJayOwCAyJR1+
TLSH: B9673382B5D180F1E6571570403F373A7ABA5B164A22DB8B3B58CE3D6C332416E397B6
Reporter: GovCERT_CH

Intelligence

File Origin
# of uploads: 2
# of downloads: 105
Origin country: n/a

Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: https://www.die-kraft-der-natur.ch/files/setup_hk_german__2021.1.rar
Verdict: Malicious activity
Analysis date: 2021-05-11 07:12:46 UTC
Tags: n/a
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Result
Verdict: Clean
Maliciousness:

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature:
Detected VMProtect packer
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: Gathering data

Threat name: Win32.PUA.FlyStudio
Status: Malicious
First seen: 2021-04-05 16:13:30 UTC
AV detection: 15 of 29 (51.72%)
Threat level: 1/5
Verdict: malicious

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
NSIS installer
Enumerates physical storage devices
Loads dropped DLL
Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: IceID_Bank_trojan
Author: unixfreaxjp
Description: Detects IcedID..adjusted several times

Rule name: Ping_Del_method_bin_mem
Author: James_inthe_box
Description: cmd ping IP nul del

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
Executable exe fb0c9d69107869c43801436bc334dfc6c30869ba6b83bcb3dfb68f1e0856df75 (this sample)
Delivery method: Distributed via e-mail attachment

Comments

accidentalrebel commented on 2021-05-11 09:08:59 UTC

============================================================
MBC behaviors list (github.com/accidentalrebel/mbcscan):
============================================================
0) [B0001.025] Anti-Behavioral Analysis::Software Breakpoints
1) [B0001.032] Anti-Behavioral Analysis::Timing/Delay Check GetTickCount
2) [B0009] Anti-Behavioral Analysis::Virtual Machine Detection
3) [B0012.001] Anti-Static Analysis::Argument Obfuscation
4) [F0001.002] Anti-Behavioral Analysis::Standard Compression
5) [F0002.002] Collection::Polling
7) [B0030.002] Command and Control::Receive Data
8) [C0001.006] Communication Micro-objective::Receive Data::Socket Communication
9) [C0001.001] Communication Micro-objective::Set Socket Config::Socket Communication
10) [C0027.009] Cryptography Micro-objective::RC4::Encrypt Data
11) [C0028.002] Cryptography Micro-objective::RC4 KSA::Encryption Key
12) [C0060] Data Micro-objective::Compression Library
13) [C0026.002] Data Micro-objective::XOR::Encode Data
15) [B0023] Execution::Install Additional Program
16) [C0049] File System Micro-objective::Get File Attributes
17) [C0051] File System Micro-objective::Read File
18) [C0052] File System Micro-objective::Writes File
19) [E1510] Impact::Clipboard Modification
20) [C0034.001] Operating System Micro-objective::Set Variable::Environment Variable
21) [C0036.004] Operating System Micro-objective::Create Registry Key::Registry
22) [C0036.003] Operating System Micro-objective::Open Registry Key::Registry
23) [C0036.006] Operating System Micro-objective::Query Registry Value::Registry
24) [C0036.001] Operating System Micro-objective::Set Registry Key::Registry
25) [C0040] Process Micro-objective::Allocate Thread Local Storage
26) [C0017] Process Micro-objective::Create Process
27) [C0038] Process Micro-objective::Create Thread
28) [C0054] Process Micro-objective::Resume Thread
29) [C0041] Process Micro-objective::Set Thread Local Storage Value
30) [C0018] Process Micro-objective::Terminate Process