MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb37815904e7bd9b4d995fa13ce852db1e7ad0c522565cb52a8f1c1d3804d439. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb37815904e7bd9b4d995fa13ce852db1e7ad0c522565cb52a8f1c1d3804d439
SHA3-384 hash: 38efeac4e21e6bf0e4fe49d99379cb336c335543fbb5cac749d8f2ccbeb9367e0a063a7d8137f37e906e81e09ee223cf
SHA1 hash: d1656ee8dbbff504d5e897d9bd2a5d3502fc00a1
MD5 hash: a83ef7e3fec2fe13a90dc562f83d5cbc
humanhash: speaker-lemon-vermont-lake
File name:a83ef7e3fec2fe13a90dc562f83d5cbc
Download: download sample
File size:3'330'050 bytes
First seen:2020-11-17 14:11:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash ef3fd1c1a81435e51fcc42212e25d2ec (7 x Reconyc)
ssdeep 49152:GXCi4CqbsC8wBcFhnD7MfBmseyXq9op66BcFhnD7MfB6:GXC70NwBoJWBmseSdBoJWB6
Threatray 85 similar samples on MalwareBazaar
TLSH 87F5E0869F9266AEF5210BFDF140201613116CE8BF5DA79DF05CB2D6BC86922F488D4F
Reporter seifreed

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Packed.Malwarex-9752557-0
Create hunting rule

Win.Packed.Malwarex-9752559-0
Create hunting rule

Win.Packed.Generic-9753978-0
Create hunting rule

Win.Packed.Ceeinject-9756739-0
Create hunting rule

Win.Packed.Dridex-9752464-1
Create hunting rule

Win.Packed.Dridex-9752667-1
Create hunting rule

Win.Packed.Dridex-9753051-1
Create hunting rule

Win.Packed.Generic-9760762-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Sending a UDP request
Launching the default Windows debugger (dwwin.exe)
Replacing executable files
DNS request
Sending a custom TCP request
Creating a file
Moving of the original file
Deleting of the original file
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb37815904e7bd9b4d995fa13ce852db1e7ad0c522565cb52a8f1c1d3804d439/
Threat name:
Win32.Trojan.Symmi
Create hunting rule
Status:
Malicious
First seen:
2020-11-06 19:01:12 UTC
AV detection:
26 of 29 (89.66%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
3075a769f000372501a625d5073892f6a1c7363fe4ec5751658d7bc00561d0ff
3d4123b64abdd43b8b419e568239501feeb7201bf6bf97b4d6fba447a54d5115
473312ffebfedba134fb127faaccf6c0084c03d268f3f333e0722bff8cbaab3d
4ec20c7462bc089db7d65f7bea468924d4c8fa884c417eeec80a963a317885d7
6e6701b9412bd1434570be69197b6ac9b962b98baab380637e212f36c1e20986
96cf60931b603aea8fa03c6cf36f47f3207024bf437ef503bbe7ea6acbfde4ad
a7e7381c96e33549267411497629a4f4700eda1932162344acde602f61671440
adcce5fe632ba6788b2538936984ba41069b5302b2c0983018353d2358746dc2
b1f292df0cec2b326d9231003b603d80c5a41c0eebbd51e13ad6d57493a0ec8b
b888a81d7584240c64fdabfaf31c0feb628e143ba70ce68d0a211639b481b8de
+ 75 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/201117-zaq7q2qsve/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: RenamesItself
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Program crash
Legitimate hosting services abused for malware hosting/C2
Deletes itself
Loads dropped DLL
Executes dropped EXE
Unpacked files
SH256 hash:
fb37815904e7bd9b4d995fa13ce852db1e7ad0c522565cb52a8f1c1d3804d439
MD5 hash:
a83ef7e3fec2fe13a90dc562f83d5cbc
SHA1 hash:
d1656ee8dbbff504d5e897d9bd2a5d3502fc00a1
Link:
https://www.unpac.me/results/e2451af5-ad75-4f7b-bbc0-5708fe5e8f62/
SH256 hash:
63c8b983adb0ab40fe5db930ca3907d6e31fbaaceb98fe0811b9490410bb7cee
MD5 hash:
a7706384995b6c3029e669ae7df87d15
SHA1 hash:
a8763fd61e9416688e3149ea12e1d024ac1b63a1
Link:
https://www.unpac.me/results/e2451af5-ad75-4f7b-bbc0-5708fe5e8f62/
SH256 hash:
025cabc559eb872cadfd0c4038223167e92207e9832ab33e96ea0b5359d33ee7
MD5 hash:
9c2a2d3f6d79ac4bf38edc2b7784190f
SHA1 hash:
1c3bb0e2ee851d94dd157e5e22af5a413d90aae5
Link:
https://www.unpac.me/results/e2451af5-ad75-4f7b-bbc0-5708fe5e8f62/
SH256 hash:
2dba6a1d3678f6af6956eadd1c226667ee6bfa67f3844b747d4d00535ec33553
MD5 hash:
d5196430153d2100910432d035a73016
SHA1 hash:
6a9d24d6626f37c4f546cc39d597ecc8484f797d
Link:
https://www.unpac.me/results/e2451af5-ad75-4f7b-bbc0-5708fe5e8f62/
SH256 hash:
2f68eb8d90afd3e2b5b9e3ff1e22eaf398873b82dcbf094164448b629c4b9e25
MD5 hash:
911a8449fe5c34902f0527a7769cba4e
SHA1 hash:
9ce1ddb58c7b59d9e90579197165fc521867e9f4
Link:
https://www.unpac.me/results/e2451af5-ad75-4f7b-bbc0-5708fe5e8f62/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Skeeyah
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb37815904e7bd9b4d995fa13ce852db1e7ad0c522565cb52a8f1c1d3804d439

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments