MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5
SHA3-384 hash: e442426254d13e219a5ea05129b1b07deb9c854b78b258259625a7db1f3a49ba8c347ba0e686c797930ddce11410026b
SHA1 hash: 0c15286457963eb86d61d83642870a3473ef38fe
MD5 hash: 10fc8b2915c43aa16b6a2e2b4529adc5
humanhash: july-december-fanta-delta
File name:cbf90eac7539afc9.exe
Download: download sample
File size:301'568 bytes
First seen:2022-02-27 17:47:43 UTC
Last seen:2022-02-27 20:01:30 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 74a6ef9e7b49c71341e439022f643c8e
ssdeep 6144:iZQUudV196PTIr8Py794fexEPBBKohz0vF:P56LIyTnBBKoS
Threatray 1'262 similar samples on MalwareBazaar
TLSH T1BF547D59B39410F9E977827CC8924606EA72BC164774D6AF33AC4A663F232D09D3FB11
Reporter ChaplinSec
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
263
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://wearedevs.net/exploits
Verdict:
Malicious activity
Analysis date:
2022-02-12 20:37:54 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/1ea4c006-7557-4bc5-84a6-0b1625c01fb3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/245096/
Detection(s):
SecuriteInfo.com.Suspected_malware.6935.11448.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Launching a service
DNS request
Sending a custom TCP request
Result
Malware family:
n/a
Score:
  6/10
Tags:
n/a
Link:
https://dragonfly.certego.net/analysis/7534/overview
Behaviour
MalwareBazaar
MeasuringTime
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd.exe control.exe evasive greyware
Link:
https://www.filescan.io/uploads/621bb959b94fb38cb41c6579/reports/32411824-eafb-470a-8333-9e36580befe8/overview
Result
Verdict:
UNKNOWN
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Generic Malware
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/12caf939-7a4c-4e0b-88dc-48bfa52a0b2c
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/946957
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 579438 Sample: cbf90eac7539afc9.exe Startdate: 27/02/2022 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 cbf90eac7539afc9.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5/
Verdict:
unknown
Similar samples:
273ad5a2b3f62bd80b72a345fc153d30f3852301ed8d60ad40584086d7ee7735
42421c08872fa9a261dfe3184f7747d224ed3deb2c0420bbb2ce8f00387fd258
4fa28556557b228a0cabb6a51597217e09afdf58a140b1181f0bd8325e6e4d0f
51037666d1982db93e3123e88594d409805d3f1d970e9f926dcadb99f77f50f6
5906182e34caa4c37339e8d87cb46c9b9788088450d8a4b7c2052db5dbb8d174
59f9227db42a55af90159da69de83048cf1c93024889721f27a045c99c7c7eb8
87300e6563c7ac9d8d758b219d135fb8b84a7788419a0ddd8c3470cc1e739eae
a1457e7a591877c3732325e462c479a450b19bda91ecaca0a37cdb137ed152ae
a3fa04d27872b1fea175ee7ca2665ee3b8384db4b6a93f8015cc47e6dddf757d
cdbed3a79d37d581fc5be268df61e13aaafa5c88a001f4e8b298d77c4b37ae13
+ 1'252 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
evasion trojan
Link:
https://tria.ge/reports/220227-wdfgcscda3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Windows security modification
Modifies security service
Unpacked files
SH256 hash:
feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5
MD5 hash:
10fc8b2915c43aa16b6a2e2b4529adc5
SHA1 hash:
0c15286457963eb86d61d83642870a3473ef38fe
Link:
https://www.unpac.me/results/a503c3cd-214c-45e0-9164-1deca1582e38/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/feb09cc39b15/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:INDICATOR_SUSPICIOUS_EXE_RegKeyComb_DisableWinDefender
Create hunting rule
Author:ditekSHen
Description:Detects executables embedding registry key / value combination indicative of disabling Windows Defedner features

File information

The table below shows additional information about this malware sample such as delivery method and external references.

njrat

Executable exe a5a17977f49636417c0373bfa9577348ac55f4267af0aacf90344df6021adba7

Executable exe feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5

(this sample)

  
Dropped by
SHA256 a5a17977f49636417c0373bfa9577348ac55f4267af0aacf90344df6021adba7
Cape
Cape
https://www.capesandbox.com/analysis/245096/

Comments