MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbe5392d8a99a75efd085f6f23d19290d1c2febbf22def3e98687cf53672d6ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fbe5392d8a99a75efd085f6f23d19290d1c2febbf22def3e98687cf53672d6ac
SHA3-384 hash: 0f68459c2bccb9e3097e9871744baeb43f77596b74bde6269d1e66a23374cc3677a94391f3c5a4424e06edfcaf6e789b
SHA1 hash: 7b53a90e4ab1f19083f2938d9e31148d5644f93e
MD5 hash: 63021eb9e87eb8e5ec648b1a6d8e2449
humanhash: timing-double-hamper-five
File name:fbe5392d8a99a75efd085f6f23d19290d1c2febbf22def3e98687cf53672d6ac
Download: download sample
File size:798'464 bytes
First seen:2021-02-17 08:51:39 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 81fd276d49dcfb5944ab1253641f139e
ssdeep 12288:gDuWNvtS/PHV4c1JwX2afK+ixeCzseMb01JQntLOCr8XeM10I:gDlvEPTJmix5zsemr8N/
Threatray 13 similar samples on MalwareBazaar
TLSH 5D05522656D8B979E3F69B307FF252D3BA69BC523834CC0E11D5030D0969A42FDA076E
Reporter JAMESWT_WT
Tags:Fubon Technologies Ltd signed

Code Signing Certificate

Organisation:Fubon Technologies Ltd
Issuer:DigiCert EV Code Signing CA (SHA2)
Algorithm:sha256WithRSAEncryption
Valid from:2020-09-21T00:00:00Z
Valid to:2021-09-29T12:00:00Z
Serial number: 07cef66a71c35bc3aed6d100c6493863
Intelligence: 35 malware samples on MalwareBazaar are signed with this code signing certificate
MalwareBazaar Blocklist:This certificate is on the MalwareBazaar code signing certificate blocklist (CSCB)
Thumbprint Algorithm:SHA256
Thumbprint: 24369fc6809bf4080c11a556a63c718ec4938de0a6a89186ee026933bf5596a6
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/117529/
Detection(s):
SecuriteInfo.com.Trojan.Fakealert.59250.29481.12106.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Creating a file in the %temp% subdirectories
Creating a file
Sending a UDP request
Unauthorized injection to a recently created process
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
36 / 100
Link:
https://www.joesandbox.com/analysis/609989
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 354017 Sample: XLyS61rJJ6 Startdate: 17/02/2021 Architecture: WINDOWS Score: 36 10 Multi AV Scanner detection for submitted file 2->10 6 XLyS61rJJ6.exe 3 2->6         started        process3 process4 8 dfsvc.exe 3 28 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fbe5392d8a99a75efd085f6f23d19290d1c2febbf22def3e98687cf53672d6ac/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-01-10 05:14:16 UTC
File Type:
PE (Exe)
Extracted files:
35
AV detection:
16 of 48 (33.33%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
22eca2f89598c64298213cdfcc30efa636976c1128313faf127a5441535b61f9
3a2a76b54be9df6e2c1a5fd727a30afc9431675a2404c476ad56a5adbc3c5852
54eace7780d77504a6a87991a01ea130f6cdf33b45b54ff6fd83736432092afc
5618f6720d4642d1f8e80641abd519852dc3a448737942967b52f671dbff9210
74fc46f9a1c3990a4c5b4dac8e317fb5f4ba3b6f83c84dc49fb5192007be00d2
7d9abe313b005fd358bde523a6133325e535d4e48873ffaddc5cc77b086a1b04
7ee17024a18444ce27ff455c4ba4a05c65aa12fc4f698ef1936450c4c0df8641
c896094017e57358eafffebf3f373d60a238739184ff8a9d43bd08469f752d7a
d658764009896365bfc6c896a1f242b344c58e06ca4007b5d98fc48df26bfa69
f2f8e9fcac33f0a957f825522bc4fc43348e00adf6b534f14ccf30f44a5b86c7
+ 3 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210217-svbxt7xbv2/
Behaviour
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
fbe5392d8a99a75efd085f6f23d19290d1c2febbf22def3e98687cf53672d6ac
MD5 hash:
63021eb9e87eb8e5ec648b1a6d8e2449
SHA1 hash:
7b53a90e4ab1f19083f2938d9e31148d5644f93e
Link:
https://www.unpac.me/results/2aa9a66c-d09a-48ac-a5f0-cc3d2f12895c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Renos
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fbe5392d8a99a75efd085f6f23d19290d1c2febbf22def3e98687cf53672d6ac

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cert_blocklist_07cef66a71c35bc3aed6d100c6493863
Create hunting rule
Author:ReversingLabs
Description:Certificate used for digitally signing malware.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/117529/

Comments