MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e
SHA3-384 hash: 2d06b07670148534d56daec9023f00f7572ad854d2ebacb46102331a31e34ebe026040113bb3c1dd6202edf4c0879b99
SHA1 hash: 0f9131ce641dffb85c9248e17a0f4e30598e4240
MD5 hash: d146dba321e29ccabae96ca1c557ba60
humanhash: neptune-hawaii-texas-illinois
File name:d146dba321e29ccabae96ca1c557ba60
Download: download sample
File size:1'089'488 bytes
First seen:2021-07-06 00:43:52 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9ad22365520b11a0847833f100aa3244
ssdeep 24576:3zJla39cGH0dg7sOlQCig1abH9RKP3QUxq8m1:dlq9n7h2/waL9RKP3u
Threatray 5 similar samples on MalwareBazaar
TLSH 8D35E011F7914878D076C434CA638613DAB2B89A0FA4EADF2394926D1F777E45B3E720
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
x86_x64_setup.exe
Verdict:
Malicious activity
Analysis date:
2021-07-05 18:33:17 UTC
Tags:
evasion trojan stealer vidar rat redline phishing loader
Link:
https://app.any.run/tasks/b7c092c3-c4d2-4241-a76c-114a4d1c3fd1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/169818/
Detection(s):
SecuriteInfo.com.W32.AIDetect.malware1.12380.32234.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/3f3c50b3-dd00-4a27-b1a9-cafc2e1b6b04
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/812002
Signature
Creates processes via WMI
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 444413 Sample: blXrNAfEWw Startdate: 06/07/2021 Architecture: WINDOWS Score: 60 23 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->23 25 Multi AV Scanner detection for submitted file 2->25 7 blXrNAfEWw.exe 2 2->7         started        process3 signatures4 27 Creates processes via WMI 7->27 10 blXrNAfEWw.exe 5 7->10         started        13 conhost.exe 7->13         started        process5 file6 17 C:\Users\user\AppData\Local\Temp\axhub.dll, PE32 10->17 dropped 19 C:\Users\user\AppData\Local\Temp\libEGL.dll, PE32+ 10->19 dropped 21 C:\Users\user\...\eventlog_provider.dll, PE32+ 10->21 dropped 15 conhost.exe 10->15         started        process7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e/
Threat name:
Win32.Trojan.Fugrafa
Create hunting rule
Status:
Malicious
First seen:
2021-07-05 11:14:59 UTC
AV detection:
15 of 46 (32.61%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
361dc084efc29ddc0a837710fc28a872389e3a61413e5c82fcbefc1906c7b29f
a6e2d6db4f376331a5a38448eaaff714a6283e40b7560cb197c767cdc9da7095
a8453c683bababb0d92e62bd37a77763688d25582a10caf19f9c4d069e0c3c3a
a896d938f2ec1a5384aa5f1b1d73c4141fc601e824972c60b6634bc9b1e7c1a0
add3d9d0cc55330be20a344067c55a2e3f601c300458bfa66c1fa64773af967c
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/210706-j545prr1x6/
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Unpacked files
SH256 hash:
e7ea471d02218191b90911b15cc9991eab28a1047a914c784966ecd182bd499c
MD5 hash:
7f7c75db900d8b8cd21c7a93721a6142
SHA1 hash:
c8b86e62a8479a4e6b958d2917c60dccef8c033f
Link:
https://www.unpac.me/results/50757927-53a1-4847-a473-b07f774cacf6/
SH256 hash:
fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e
MD5 hash:
d146dba321e29ccabae96ca1c557ba60
SHA1 hash:
0f9131ce641dffb85c9248e17a0f4e30598e4240
Link:
https://www.unpac.me/results/50757927-53a1-4847-a473-b07f774cacf6/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fd5e5844a7fa354f427096c541c2952ccd96222302b5feceeca5f298658db71e

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1429598/
Cape
Cape
https://www.capesandbox.com/analysis/169818/

Comments


Avatar
zbet commented on 2021-07-06 00:43:54 UTC

url : hxxps://b.xyzgame.cc/userf/2201/75ea29fa298dc771e62cf0500e3c0a1d.exe