MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75
SHA3-384 hash: 873035986c8ac07b6ae3ae56ed7c2e419e37e27b1684b43aa3016de9646464d026601d3316ddc894b6ef284825d3de6e
SHA1 hash: d697dc650c2c9c42ea2142d7507e4dd95ae07fd8
MD5 hash: 6e5e356dbf9165782bc336703a9d9487
humanhash: east-nevada-apart-connecticut
File name:FusionEcho.exe
Download: download sample
File size:174'592 bytes
First seen:2024-01-20 01:45:25 UTC
Last seen:2024-01-20 03:24:47 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c0b5930360a760ed4a94825f717ad4e4
ssdeep 3072:WTBocC59ohgWr8QmWnMFtiUMWellix1Nex6b:556WWn5UMBCx10x
Threatray 1 similar samples on MalwareBazaar
TLSH T16A047267D27760E8D6BEC07995A67522FC713A588234AB6BCB508B231B20F74F13D724
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Reporter tildedennis
Tags:exe SILENTNIGHT


Avatar
tildedennis
silentnight version 2.1.7.0

Intelligence

File Origin
# of uploads :
2
# of downloads :
467
Origin country :
US US
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471800/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.29560.5972.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
Creating a file in the %AppData% subdirectories
DNS request
Creating a window
Unauthorized injection to a system process
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/65ab25da499f5240353e6442/reports/b85cc28a-7413-40b9-b253-ce1c9d703f24/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/02de9116-41a7-4a8a-8e74-5e9c4517518d
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1377868
Signature
Allocates memory in foreign processes
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found evasive API chain (trying to detect sleep duration tampering with parallel thread)
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Tries to resolve many domain names, but no domain seems valid
Uses cmd line tools excessively to alter registry or file data
Writes to foreign memory regions
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1377868 Sample: FusionEcho.exe Startdate: 20/01/2024 Architecture: WINDOWS Score: 100 44 uwgopmbefmqtumbtfcby.com 2->44 46 ucqjfrgtkwgekrqypwlt.com 2->46 48 31 other IPs or domains 2->48 54 Snort IDS alert for network traffic 2->54 56 Multi AV Scanner detection for domain / URL 2->56 58 Antivirus / Scanner detection for submitted sample 2->58 60 2 other signatures 2->60 9 FusionEcho.exe 2->9         started        12 FusionEcho.exe 2->12         started        14 FusionEcho.exe 2->14         started        signatures3 process4 signatures5 62 Writes to foreign memory regions 9->62 64 Allocates memory in foreign processes 9->64 66 Modifies the context of a thread in another process (thread injection) 9->66 16 msiexec.exe 1 17 9->16         started        68 Antivirus detection for dropped file 12->68 70 Multi AV Scanner detection for dropped file 12->70 72 Injects a PE file into a foreign processes 12->72 20 msiexec.exe 14 12->20         started        22 msiexec.exe 14 14->22         started        process6 file7 42 C:\Users\user\AppData\...\FusionEcho.exe, PE32+ 16->42 dropped 50 Uses cmd line tools excessively to alter registry or file data 16->50 52 Found evasive API chain (trying to detect sleep duration tampering with parallel thread) 16->52 24 reg.exe 1 1 16->24         started        26 reg.exe 1 16->26         started        28 reg.exe 1 16->28         started        30 2 other processes 16->30 signatures8 process9 process10 32 conhost.exe 24->32         started        34 conhost.exe 26->34         started        36 conhost.exe 28->36         started        38 conhost.exe 30->38         started        40 conhost.exe 30->40         started       
Score:
96%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75/
Threat name:
Win64.Trojan.Seheq
Create hunting rule
Status:
Malicious
First seen:
2023-12-22 21:03:46 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
26 of 38 (68.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7pla775v2fq6auo2upt5mxak2x2ys2d6slsdgkofytevb5mpxn2q._file
Verdict:
malicious
Similar samples:
fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/240120-b6y4yshddl/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Unpacked files
SH256 hash:
fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75
MD5 hash:
6e5e356dbf9165782bc336703a9d9487
SHA1 hash:
d697dc650c2c9c42ea2142d7507e4dd95ae07fd8
Link:
https://www.unpac.me/results/bcddfe82-f142-452b-8529-38ffe0516061/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/fbd60fffb5d1/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/fbd60fffb5d161e051daa3e7d65c0ad5f589687e92e43329c5c4c950f58fbb75

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
https://zeusmuseum.com/silentnight/
Cape
Cape
https://www.capesandbox.com/analysis/471800/

Comments