MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd6bfcdebcb15df85b64f976e7746cec10dff40cfecca25f2a8e596af2748db1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 10

SHA256 hash: fd6bfcdebcb15df85b64f976e7746cec10dff40cfecca25f2a8e596af2748db1
SHA3-384 hash: ea8ed6bb7d9edc9dcf851e1f3b2c1f00864100de0335bd34a2c3e9db82d81e8e4f4721a55cfb697df62aeb5725bea0bc
SHA1 hash: d793e4b674830b2d34a2dce62231b82b9b63a9ba
MD5 hash: 22609b1477936a4ecf689b2627cf22eb
humanhash: burger-oklahoma-wisconsin-crazy
File name: 1.exe
File size: 3'688'960 bytes
First seen: 2022-08-05 07:49:06 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a50e815adb2cfe3e58d388c791946db8 (2 x njrat, 2 x DCRat, 1 x Lucifer)
ssdeep: 98304:2x2TS2EzzhKQxphovCYURsccxRneYviklCn:c2EzdKQxp6CYMyRneF
Threatray: 2'205 similar samples on MalwareBazaar
TLSH: T1260602C1C9898C52E97D8D3420B72D3A423B6F77A86C5DE99E5CF12176B38CD1029A1F
TrID:
  41.1% (.EXE) UPX compressed Win32 Executable (27066/9/6)
  25.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
  10.0% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4505/5/1)
dhash icon: 71694d4dccc8c8d5
Reporter: obfusor
Tags: exe

Intelligence

File Origin
# of uploads: 1
# of downloads: 257
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 1.exe
Verdict: No threats detected
Analysis date: 2022-08-05 07:51:01 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour:
  Creating a file in the %temp% subdirectories
  Creating a file
  Running batch commands
  Creating a process from a recently created file
  Searching for synchronization primitives
  Launching a service
  Creating a window
  Creating a file in the system32 subdirectories
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 63 / 100
Signatures:
  Adds a directory exclusion to Windows Defender
  Antivirus / Scanner detection for submitted sample
  Machine Learning detection for sample
  Multi AV Scanner detection for dropped file
  Multi AV Scanner detection for submitted file
  Sigma detected: Powershell adding suspicious path to exclusion list
  Uses bcdedit to modify the Windows boot settings
Behaviour
Behavior Graph: [graph image not reproduced; Behavior Graph ID 679120, sample 1.exe, start date 05/08/2022, architecture WINDOWS, score 63]
  Signatures on the sample node: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for dropped file; Sigma detected: Powershell adding suspicious path to exclusion list; 2 other signatures
  1.exe drops: C:\Users\user\Desktop\SysWin.exe (PE32); C:\Users\user\Desktop\NSudo.exe (PE32+); C:\Users\user\AppData\Local\Temp\...\FD96.bat (ASCII); 5 other files (none is malicious)
  1.exe starts: cmd.exe; conhost.exe
  Signatures on cmd.exe: Uses bcdedit to modify the Windows boot settings; Adds a directory exclusion to Windows Defender
  cmd.exe starts: NSudo.exe (3 instances); 24 other processes
Threat name: Win32.Ransomware.LockBit
Status: Malicious
First seen: 2022-07-10 08:08:04 UTC
File Type: PE (Exe)
Extracted files: 41
AV detection: 24 of 26 (92.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 8/10
Tags: upx
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Suspicious use of WriteProcessMemory
  Loads dropped DLL
  Executes dropped EXE
  UPX packed file
Unpacked files
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.