MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb619d64ccfb1ec19658cbffe49a7b742ae4f279898cf330c60a5f251ade89bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 9

SHA256 hash: fb619d64ccfb1ec19658cbffe49a7b742ae4f279898cf330c60a5f251ade89bd
SHA3-384 hash: ce5ea36832e80592d831b0634857f555d83420216a0da803020feb9d600dad156124d0ae068652fe3dc3c3cae2c93028
SHA1 hash: e75fe7e16c945a99987981c7c031bf72b591e8ef
MD5 hash: 7837c91121468a285c00d58583bfef7b
humanhash: minnesota-minnesota-march-fish
File name: Deks.msi
File size: 84'809'728 bytes
First seen: 2025-03-15 07:22:19 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 1572864:o2Rw/NRLX2O/6GCrxJmAcBOFXFaPBUb7qjWqpRySyzDeMQcdIuJv2jVcd:o2wnLX2OArxJC20Ju7HeMQcdlJYcd
TLSH: T1DD08121BB1844822D67B173899B6ED7B8924AEE30F20F17A1FC4F7993571385B621633
TrID:
  75.4% (.MSI) Microsoft Windows Installer (454500/1/170)
  10.1% (.MST) Windows SDK Setup Transform script (61000/1/5)
  7.3% (.MSP) Windows Installer Patch (44509/10/5)
  3.2% (.WPS) Kingsoft WPS Office document (alt.) (19502/3/2)
  2.4% (.DB) Windows thumbnail Data Base (14519/2/1)
Magika: msi
Reporter: Anonymous
Tags: FakeApp msi Trojan horse program

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 71
Origin country: FR
Vendor Threat Intelligence

Verdict: Malicious
Score: 98.2%
Tags: smarts micro shell

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: adaptive-context anti-vm cmd evasive expired-cert fingerprint lolbin msiexec overlay overlay remote runonce wix

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 2 / 100
Behaviour
Behavior Graph: n/a

Gathering data
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-03-15 07:23:21 UTC
File Type: Binary (Archive)
Extracted files: 44070
AV detection: 1 of 36 (2.78%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: discovery persistence privilege_escalation
Behaviour:
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of FindShellTrayWindow
  Suspicious use of WriteProcessMemory
  Event Triggered Execution: Installer Packages
  System Location Discovery: System Language Discovery
  Loads dropped DLL
  Enumerates connected drives

Verdict: Suspicious
Tags: n/a
YARA: n/a

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments