MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613
SHA3-384 hash: 1c46177df42a984695480a2328b054cf65021bd7d67f73c0ba4b060af5b5164ac9c4c97baeb1172be849ff632345f68e
SHA1 hash: 4f50bc66968b5435f81cee360a3cb1999e45ac60
MD5 hash: 3ace227a334fa18636c42ab18638abf2
humanhash: undress-mirror-lemon-apart
File name:3ace227a334fa18636c42ab18638abf2.exe
Download: download sample
File size:16'216'226 bytes
First seen:2023-03-04 07:51:45 UTC
Last seen:2023-03-04 09:32:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash c6e51dda1622035b42b177c9afe67c30
ssdeep 393216:h9DNFabhV8d9LNJ+y3k2woJuQFkyRmazVNEJVZOUcryo8mRHVG5xR:rDNFwVeey3kZoFVR8qyo8mByR
TLSH T1C6F60217ADA8CC68C59394331092C397D20AE18DAE0DDB9F13B11D45FEE096B5B12BED
TrID 43.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
22.9% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
9.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.0% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.2% (.EXE) Win32 Executable (generic) (4505/5/1)
File icon (PE):PE icon
dhash icon 1a3e69c8f012dcd9
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
216
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
3ace227a334fa18636c42ab18638abf2.exe
Verdict:
Malicious activity
Analysis date:
2023-03-04 07:56:43 UTC
Tags:
loader
Link:
https://app.any.run/tasks/e7e344e2-250c-4650-87cc-492722ebd3cc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
PUA.Win.Downloader.Driverpack-6717506-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a window
Сreating synchronization primitives
Searching for synchronization primitives
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Searching for the window
Launching a process
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug javadropper overlay packed shell32.dll
Link:
https://www.filescan.io/uploads/6402f8a547dff094b52834d8/reports/72baad11-f24f-4d67-803e-4db9e32196e8/overview
Verdict:
Malicious
Labled as:
Downloader.Agent
Link:
https://www.hybrid-analysis.com/sample/fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/aede06e0-0e7a-4e9a-b7f0-4716cc0b6eba
Result
Threat name:
Unknown
Detection:
malicious
Classification:
troj
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1187040
Signature
Antivirus detection for URL or domain
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 819916 Sample: a6p0IInDqJ.exe Startdate: 04/03/2023 Architecture: WINDOWS Score: 52 39 Antivirus detection for URL or domain 2->39 41 Uses known network protocols on non-standard ports 2->41 9 a6p0IInDqJ.exe 2->9         started        process3 process4 11 javaw.exe 4 9->11         started        process5 13 javaw.exe 51 11->13         started        17 icacls.exe 1 11->17         started        dnsIp6 33 46.138.252.157, 49729, 49732, 9274 ASN-MGTS-USPDRU Russian Federation 13->33 35 127.0.0.1 unknown unknown 13->35 37 192.168.2.1 unknown unknown 13->37 25 C:\Users\user\Desktop\a6p0IInDqJ.exe, PE32 13->25 dropped 27 C:\Users\user\...\discord_game_sdk_jni.dll, PE32 13->27 dropped 29 C:\Users\user\...\discord_game_sdk.dll, PE32 13->29 dropped 31 launcher-update-1707430107201049770.jar, PE32 13->31 dropped 19 javaw.exe 2 13->19         started        21 conhost.exe 17->21         started        file7 process8 process9 23 javaw.exe 29 19->23         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7uihmifjxk3pqfw72rmdcgnoj6eckouqdjdmd3jx5f52pxt7wyjq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/230304-jqd3vacf4s/
Behaviour
Modifies Internet Explorer settings
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Unpacked files
SH256 hash:
fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613
MD5 hash:
3ace227a334fa18636c42ab18638abf2
SHA1 hash:
4f50bc66968b5435f81cee360a3cb1999e45ac60
Link:
https://www.unpac.me/results/3e5d6363-a4ec-4646-b6d7-6a9660fbbcca/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.21
Link:
https://yomi.yoroi.company/submissions/fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:grakate_stealer_nov_2021
Create hunting rule
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fd107620a9bab6f816dfd4583119ae4f88253a901a46c1ed37e97ba7de7fb613

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2557677/
  
Delivery method
Distributed via web download

Comments