MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdfcd08ab1121907e1a64a6b4e2e0778861f98c5cbfe30913e2a7318932d7819. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdfcd08ab1121907e1a64a6b4e2e0778861f98c5cbfe30913e2a7318932d7819
SHA3-384 hash: 07be9dd8f349da32d18124b5c57d149719ff9d9f31d305840ebae91a78cdd5564c08fd4e844766c5cb503e6414f1e2d9
SHA1 hash: ef81c9069e69568cc19251e5431e07d0836a5990
MD5 hash: 74216f417a5599b00f8af652b38d3705
humanhash: undress-lima-friend-nuts
File name:74216f417a5599b00f8af652b38d3705
Download: download sample
File size:126'951 bytes
First seen:2022-04-16 09:38:33 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b1e8695b9eed440cd1ef5f8703820ee1
ssdeep 3072:9rn4CuDcpMkymV5x0RCVZeeUebHCDYp61FmHhe8pTAV02DtEb:9r4Ndkf5xUCXUXDY8TDtEb
Threatray 42 similar samples on MalwareBazaar
TLSH T16DC37D1175C0C872E572193109A4EAF55E3EF9314F606EEBB3C8467A0F782C19926DBB
TrID 32.2% (.EXE) Win64 Executable (generic) (10523/12/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4505/5/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter zbetcheckin
Tags:32 exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
467
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
74216f417a5599b00f8af652b38d3705
Verdict:
Malicious activity
Analysis date:
2022-04-16 09:39:55 UTC
Tags:
opendir
Link:
https://app.any.run/tasks/21e6f81b-0f0c-4de5-8351-32d88de75b80

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/264106/
Detection(s):
SecuriteInfo.com.Trojan.DownLoader44.47698.28890.31815.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Сreating synchronization primitives
Sending an HTTP GET request
Creating a file
Enabling the 'hidden' option for recently created files
Launching a process
Creating a process with a hidden window
Creating a process from a recently created file
Enabling autorun by creating a file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/14027/overview
Behaviour
MalwareBazaar
CallSleep
MeasuringTime
CheckCmdLine
EvasionQueryPerformanceCounter
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug anti-vm clipbanker control.exe greyware overlay schtasks.exe shell32.dll
Link:
https://www.filescan.io/uploads/625a8eb6482f2f41cabb6382/reports/c09063db-d44f-4501-857e-120f4ef619e9/overview
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Tasker
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ec9e81ae-0677-4ea1-9228-3cb457930f6a
Result
Threat name:
Unknown
Detection:
malicious
Classification:
evad
Score:
88 / 100
Link:
https://www.joesandbox.com/analysis/977675
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Contains functionality to check for running processes (XOR)
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Uses schtasks.exe or at.exe to add and modify task schedules
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fdfcd08ab1121907e1a64a6b4e2e0778861f98c5cbfe30913e2a7318932d7819/
Threat name:
Win32.Trojan.Tasker
Create hunting rule
Status:
Malicious
First seen:
2022-04-16 09:39:06 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
22 of 26 (84.62%)
Threat level:
  5/5
Verdict:
malicious
Similar samples:
2e7ee3774e24879f182958a43c44066a329a7a1f00bd2f17b5b4883fb5911c20
30885d911eb3340e3278bd5a7e57cba20e27a8a89e2f96bedc2189bf2930d166
3e1a6299d80d53a831c2e6759ce2ac41e6d9aa6603cb2a1df7efbfb86debefa5
7dc0e773a3841a28154dda161959db9257563d056caaccb56f7b68dcad720490
9d7172e0fe7ca9477ac02723fcd9428dd263b5311540bdc143f8714dc4ca7962
c47c10545767892ba8fdaa1ba682295251016938318d807fe40736e5ae832322
d87d068e5cb1719d523dbeeff0306d360ab4d4f4efa1ba6accf61b2c3a5516e1
ea8cdf3704e83940e35299b228910d91620595e5bd7fc6caa9dcc51632b2ba0e
f2728aa3b21589253ef20cc58a524e846ce41c07fc53ca124d580a7a364ecad6
+ 32 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
n/a
Link:
https://tria.ge/reports/220416-lml1dsgfb4/
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Executes dropped EXE
Unpacked files
SH256 hash:
fdfcd08ab1121907e1a64a6b4e2e0778861f98c5cbfe30913e2a7318932d7819
MD5 hash:
74216f417a5599b00f8af652b38d3705
SHA1 hash:
ef81c9069e69568cc19251e5431e07d0836a5990
Link:
https://www.unpac.me/results/fc3bd4e6-cf7b-4ce6-b0a4-bea5a68c639e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fdfcd08ab1121907e1a64a6b4e2e0778861f98c5cbfe30913e2a7318932d7819

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe fdfcd08ab1121907e1a64a6b4e2e0778861f98c5cbfe30913e2a7318932d7819

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/264106/

Comments


Avatar
zbet commented on 2022-04-16 09:38:37 UTC

url : hxxp://193.233.48.19:7766/fas.exe