MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd7d52177d6001903bc170f10936d6f67f15f18696874238e1c9e2c694036f97. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fd7d52177d6001903bc170f10936d6f67f15f18696874238e1c9e2c694036f97
SHA3-384 hash: 6f99bfcd66debf512410a1306c9372ddcf668bfb8ff74508a7453dab394ccbe8538e468a2347c9ff425317169d5f8da2
SHA1 hash: 6c18dfc3624cb5913f0114ae468881339d3f52d2
MD5 hash: 50bb1a27a9bd2a565c82d0eef54df92a
humanhash: floor-indigo-lamp-india
File name:PROFORMA.EXE
Download: download sample
File size:950'272 bytes
First seen:2021-02-20 11:26:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f57b4e4642b7bb0d416dbb81ca606420 (1 x Loki, 1 x RemcosRAT)
ssdeep 12288:NucK08u8Bjz2kUCaz/F3IBBH1eqGyOJlRtLAPjBLFEGeNFK9uzc3QK1jCzbLfWe9:NPKvBvHbMK9IZqfetDocp
Threatray 107 similar samples on MalwareBazaar
TLSH D0155EF2954A4B21F01B323DE48AE63417A2B9BD3D194765DE983B078B6B7183D9007F
Reporter abuse_ch
Tags:exe


Avatar
abuse_ch
Malspam distributing unidentified malware:

HELO: mail.marketvaluerates.digital
Sending IP: 143.198.1.98
From: <noreply@marketvaluerates.digital>
Subject: PROFORMA_INV_3906_PAYMENT
Attachment: PROFORMA_INV_3906_PAYMENT (2).gz (contains "PROFORMA.EXE")

Intelligence

File Origin
# of uploads :
1
# of downloads :
117
Origin country :
n/a
Vendor Threat Intelligence
Detection:
DLAgent07
Create hunting rule
Link:
https://www.capesandbox.com/analysis/118111/
Detection(s):
Win.Dropper.Fareit-9832696-0
Create hunting rule

PUA.Win.Adware.Slugin-6803969-0
Create hunting rule

PUA.Win.Adware.Slugin-6840354-0
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Sending a UDP request
DNS request
Sending a custom TCP request
Creating a file
Launching the default Windows debugger (dwwin.exe)
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Unknown
Detection:
suspicious
Classification:
n/a
Score:
25 / 100
Link:
https://www.joesandbox.com/analysis/613278
Signature
Machine Learning detection for sample
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fd7d52177d6001903bc170f10936d6f67f15f18696874238e1c9e2c694036f97/
Threat name:
Win32.Infostealer.Fareit
Create hunting rule
Status:
Malicious
First seen:
2021-02-20 11:27:10 UTC
AV detection:
18 of 28 (64.29%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7v6vef35maazao6bodyqsnww6z7rl4mgs2dueohbzhrmnfadn6lq._file
Verdict:
malicious
Similar samples:
0b3369216c127cc53e7c1050cc5e240101c1282ca0c0bf974f7e1c3be0009cca
0d03646fdaee92061ac0ffa4ba7c737d0ef101858b30bd7432148f7e9faf279a
20fe5347a7254b7f5d75c7fce2542b88abdb8d1939afe621544c61d35e45bdee
2a914a931b749d964e9087d25ec502a25c22118c24e0239e7b9a73af3d4a6779
63546d7293b43b8c746bbddddcfe798478d99e5786fceff8d1fcfb52b9a64aed
64ec407029e6f62da7f2898dc4644c58f970546eb9679f5c540295debfa6006a
66eb53699937b049b917bbcfa13b9b5d2f8449753dcbbf9e35405a766cdc9a70
926da3334135961ff0c19ecf4358201ba4734ab01186061c423deeb081ec1cff
adb361129e2125c0c123c123b5ead7a6785a12c77701d9d27a4b67d1bddcba34
c062b4a790666b338f7955ea792605bf0244a8d36cb1050c602727ff6d654e36
+ 97 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/210220-dpys5k6ca2/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Unpacked files
SH256 hash:
742d9dde82f369f53ebd096e97446b429793401ab681f63e6b24b87ebc1bbc06
MD5 hash:
6a9a262f0ad021baff8e22a6dd4a53ae
SHA1 hash:
160189d345c18854b631a20011103edd2fdd136f
Link:
https://www.unpac.me/results/fd1005cc-fd99-4f43-9ae9-cf2cd87b8e01/
SH256 hash:
fd7d52177d6001903bc170f10936d6f67f15f18696874238e1c9e2c694036f97
MD5 hash:
50bb1a27a9bd2a565c82d0eef54df92a
SHA1 hash:
6c18dfc3624cb5913f0114ae468881339d3f52d2
Link:
https://www.unpac.me/results/fd1005cc-fd99-4f43-9ae9-cf2cd87b8e01/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

gz 593a96c5dbeab32bf8ff098eaca381a48fd78ae5d4d2b2797b8e99abcb1cdea0

Executable exe fd7d52177d6001903bc170f10936d6f67f15f18696874238e1c9e2c694036f97

(this sample)

  
Dropped by
MD5 44aa62ed08b00e304e133821bf463ef8
  
Delivery method
Distributed via e-mail attachment
Cape
Cape
https://www.capesandbox.com/analysis/118111/
  
Dropped by
SHA256 593a96c5dbeab32bf8ff098eaca381a48fd78ae5d4d2b2797b8e99abcb1cdea0

Comments