MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203
SHA3-384 hash: 91b15414babf2cc8f326ad5f2f4e4be1e00cbb61e3d46f55aac22e5ccd78cecfc6605d10ee7c79462c505497b2fdb6b4
SHA1 hash: a381b0fa8727c7fc723638546b7378850beeb8d1
MD5 hash: ec22b0f93bf2e35f9c2ed338d59fed68
humanhash: friend-muppet-zulu-massachusetts
File name:ec22b0f93bf2e35f9c2ed338d59fed68
Download: download sample
File size:2'284'967 bytes
First seen:2023-09-29 19:30:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ba3ea0d6362a841ec66a1fc0a1b874f
ssdeep 49152:ufuyo2d519Lb2sLqcFVbnQtcYAue8AK+qs/62N9JkmN:h3m19Lb2oe29JF
TLSH T167B533203FE2E1FFC5522136868877B082F6E3595F1F0EDB9384DA5C4F68A92D51B690
TrID 38.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
24.6% (.EXE) Win64 Executable (generic) (10523/12/4)
11.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
10.5% (.EXE) Win32 Executable (generic) (4505/5/1)
4.7% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 848c5454baf47474 (2'088 x Adware.Neoreklami, 101 x RedLineStealer, 33 x DiamondFox)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
276
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/452051/
Detection(s):
SecuriteInfo.com.Win32.Evo-gen.22271.24727.UNOFFICIAL
Create hunting rule

Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Searching for the window
Creating a file in the %temp% subdirectories
Running batch commands
Launching a process
Сreating synchronization primitives
Creating a process with a hidden window
Gathering data
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
installer lolbin overlay packed SFX shell32
Link:
https://www.filescan.io/uploads/651725fc34be449f011b646d/reports/497a0a6f-cd5f-48b7-82f0-3dc30667395f/overview
Verdict:
Malicious
Labled as:
Trojan.DuckTail
Link:
https://www.hybrid-analysis.com/sample/fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/cb93eb00-ad4f-45f0-81d8-97028e246872
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1316859
Signature
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1316859 Sample: iKx5nR253V.exe Startdate: 29/09/2023 Architecture: WINDOWS Score: 52 27 Machine Learning detection for sample 2->27 29 Machine Learning detection for dropped file 2->29 31 PE file contains section with special chars 2->31 10 iKx5nR253V.exe 3 2->10         started        process3 file4 25 C:\Users\user\AppData\Local\Temp\...\JG.o, PE32 10->25 dropped 13 cmd.exe 1 10->13         started        process5 process6 15 control.exe 1 13->15         started        17 conhost.exe 13->17         started        process7 19 rundll32.exe 15->19         started        process8 21 rundll32.exe 19->21         started        process9 23 rundll32.exe 21->23         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-09-29 20:18:02 UTC
AV detection:
5 of 38 (13.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7rz3caxea6dqqjiykm6wzby5gagojrf4xa3qbygcdnpe7rqjqibq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/230929-x8c56aeb81/
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Unpacked files
SH256 hash:
618a2c28de7593e6e9e17affd34ff2b05fe7b3c00740343c81f554f65cdefbc8
MD5 hash:
0255f1f5ddcd8b99f93dfae4980cc9f2
SHA1 hash:
f948966990414fa49230631ad612a30d70ee2f22
Link:
https://www.unpac.me/results/a7f11a6b-5fae-4aec-906a-f08c6073ae6b/
SH256 hash:
fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203
MD5 hash:
ec22b0f93bf2e35f9c2ed338d59fed68
SHA1 hash:
a381b0fa8727c7fc723638546b7378850beeb8d1
Link:
https://www.unpac.me/results/a7f11a6b-5fae-4aec-906a-f08c6073ae6b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fc73b102e40787082518533d6c871d300ce4c4bcb83700e0c21b5e4fc6098203

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2715154/
Cape
Cape
https://www.capesandbox.com/analysis/452051/

Comments


Avatar
zbet commented on 2023-09-29 19:30:37 UTC

url : hxxp://77.91.68.52/fuza/herom.exe