MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982
SHA3-384 hash: 54c4097798f04b520c9d1119774ab791c50436cfa83348e881faf7e3772053741263e99ea7a211c54293d4c22adadd67
SHA1 hash: 8411d44d6c9bee1008290dcca1109bff92d30de1
MD5 hash: 93159bd11c4460c153778cb0895f403a
humanhash: wolfram-august-red-island
File name:SecuriteInfo.com.Riskware.HackTool_Agent.10729.32214
Download: download sample
File size:13'312 bytes
First seen:2024-11-02 18:38:56 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 95de3b0b000d1282fedb0934af22d522
ssdeep 192:AHQwZssewToottlEeTlRzOUt1ZXV5Ea1ueU0FYc0g0xtiaZ:AHts2T3tlBTlRqUr5E5/A5QtiS
TLSH T1AD520996B21068E3E2BF84BDC9464A15DAF0F012136397DF86A5C06E1F5BFE1693C701
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
300
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Riskware.HackTool_Agent.10729.32214.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=672671d449e92a05dde284f0
Tags:
malware
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Creating a file in the Windows subdirectories
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
microsoft_visual_cc
Link:
https://www.filescan.io/uploads/672671cd6eca303432de264e/reports/e64e4060-5be4-45a1-982d-688a9b554c7b/overview
Verdict:
Malicious
Labled as:
Win64_Riskware_HackTool_Agent_P
Link:
https://www.hybrid-analysis.com/sample/fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a36425ff-1242-4287-8ecf-043134ecc670
Result
Threat name:
n/a
Detection:
suspicious
Classification:
evad
Score:
21 / 100
Link:
https://www.joesandbox.com/analysis/1547629
Signature
Found driver which could be used to inject code into processes
Behaviour
Behavior Graph:
Download SVG
Score:
90%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7r6ll3a7wjdmxp6etwz77zkobrcogro3konyxqu3zk2njsxx5gba._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241102-xal1easbnc/
Verdict:
Suspicious
Tags:
maldriver
YARA:
HUNT_WIN_DRIVER_UNSIGNED_00
Link:
https://app.threat.zone/submission/8b38b96e-868b-49bd-95aa-986925a3e9de
Unpacked files
SH256 hash:
fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982
MD5 hash:
93159bd11c4460c153778cb0895f403a
SHA1 hash:
8411d44d6c9bee1008290dcca1109bff92d30de1
Link:
https://www.unpac.me/results/13bad33b-88bd-4d09-b0cb-8ea4e5fb03e1/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fc7cb5ec1fb246cbbfc49db3ffe54e0c44e345db539b8bc29bcab4d4caf7e982

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3271924/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (FORCE_INTEGRITY)high
Reviews
IDCapabilitiesEvidence
KERNEL_APIManipulates Windows Kernel & Driversntoskrnl.exe::PsTerminateSystemThread
ntoskrnl.exe::RtlInitAnsiString

Comments