MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdcfcab9289bcfc6ae67590a2995a8a5fedb19338d9eeac1ddf61acefbd36e56. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4


SHA256 hash: fdcfcab9289bcfc6ae67590a2995a8a5fedb19338d9eeac1ddf61acefbd36e56
SHA3-384 hash: 73948c6014ed082f4b6ef4e97f4302febaa33a43b7739ebf7942b57a0f8fd0362bfd0e4aa67276c2c030b523246f8762
SHA1 hash: 5a129bbd71b1d07234a47e376b1d3afc7cfca8dc
MD5 hash: 4412eaa3c2dbe82ac9cf982b1229548d
humanhash: xray-comet-earth-violet
File name: 4412eaa3c2dbe82ac9cf982b1229548d
File size: 57'344 bytes
First seen: 2021-08-07 16:11:44 UTC
Last seen: 2021-08-10 02:35:59 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: de794eaa348bcab90828044bdaf70bdd
ssdeep: 768:X2eCAiEfQXNua61pTUPIA7KfF3k92z27GEieel9:YAi/ua61pTaKewq6Ecl9
Threatray: 1 similar samples on MalwareBazaar
TLSH: T149437C137993C077D8A241B2797A4E5AA77EB630076096D7A7941F0E2DB05F2DE3A303
Reporter: zbetcheckin
Tags: 32 exe

Intelligence

File Origin
# of uploads: 3
# of downloads: 129
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 4412eaa3c2dbe82ac9cf982b1229548d
Verdict: No threats detected
Analysis date: 2021-08-07 16:12:57 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample.
Result
Verdict: Clean
Maliciousness:
Behaviour
Launching the default Windows debugger (dwwin.exe)
Result
Verdict: MALICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 68 / 100
Signature
Creates processes via WMI
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Behaviour
Behavior Graph (ID 461081; sample 3rJPhey0t1; start date 07/08/2021; architecture WINDOWS; score 68), nodes recoverable from the rendered graph:
Contacted domain: google.vrthcobj.com
Process chain: 3rJPhey0t1.exe started 3rJPhey0t1.exe and conhost.exe (Creates processes via WMI); the child 3rJPhey0t1.exe started conhost.exe
Network: a.goatgame.co, 104.21.79.144 port 443 (CLOUDFLARENETUS, United States), from local port 49713
Dropped file: C:\Users\user\AppData\Local\Temp\sqlite.dll (PE32)
Graph-level signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Multi AV Scanner detection for domain / URL; Multi AV Scanner detection for submitted file
Threat name: Win32.Trojan.Midie
Status: Malicious
First seen: 2021-08-07 06:07:00 UTC
AV detection: 12 of 46 (26.09%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Checks processor information in registry
Modifies data under HKEY_USERS
Modifies registry class
Script User-Agent
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Drops file in System32 directory
Suspicious use of SetThreadContext
Looks up external IP address via web service
Loads dropped DLL
Process spawned unexpected child process
Unpacked files
SHA256 hash: fdcfcab9289bcfc6ae67590a2995a8a5fedb19338d9eeac1ddf61acefbd36e56
MD5 hash: 4412eaa3c2dbe82ac9cf982b1229548d
SHA1 hash: 5a129bbd71b1d07234a47e376b1d3afc7cfca8dc
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Executable exe fdcfcab9289bcfc6ae67590a2995a8a5fedb19338d9eeac1ddf61acefbd36e56 (this sample)

Delivery method: Distributed via web download

Comments

zbet commented on 2021-08-07 16:11:44 UTC

url : hxxps://a.goatagame.com/userf/3003/anyname.exe