MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3
SHA3-384 hash: 180f952e415622fe8c70369bd759580dd36c1ce9afce4080a3f13b3c91374214007758beaeef6f81becc08c6ea3d4430
SHA1 hash: 33c7e7cf000c7848462ea71c1074ed1cb08da2bd
MD5 hash: 1a281a2513dc2d9543c037baff098eda
humanhash: vermont-finch-maryland-diet
File name:5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3
Download: download sample
File size:89'180'087 bytes
First seen:2025-09-23 15:03:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (525 x GuLoader, 110 x RemcosRAT, 80 x EpsilonStealer)
ssdeep 1572864:9I18/g6sfGKugeW9nngivgNZqlNrBQLhJknKTRiKbDrsgWHt9SX:9I18I1GK9H5JKLqKTRi8DrsxHSX
TLSH T1541833F6A440D1C7F4C3567ED6C242509BDC7A6B5AA2CBC40A3CC656B6AD004FB4A7F2
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter JAMESWT_WT
Tags:exe LootRush

Intelligence

File Origin
# of uploads :
1
# of downloads :
88
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3
Verdict:
Malicious activity
Analysis date:
2025-09-23 15:07:47 UTC
Tags:
nodejs
Link:
https://app.any.run/tasks/3542cd01-c6cc-4c27-9f2f-b07b3abaa11e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d2b750a8481b7a76abcef2
Tags:
spawn shell sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Сreating synchronization primitives
Creating a window
Searching for the window
Searching for the Windows task manager window
Running batch commands
Creating a process with a hidden window
Launching a process
Using the Windows Management Instrumentation requests
Creating a file
Sending a custom TCP request
Creating a file in the %AppData% subdirectories
Creating a process from a recently created file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug blackhole fingerprint installer microsoft_visual_cc nsis overlay packed
Link:
https://www.filescan.io/uploads/68d2b78458f24ea0d229dc75/reports/5bfa2112-3997-49b9-8e1b-19a1c492307e/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3
Verdict:
Unknown
File Type:
exe x32
Link:
https://opentip.kaspersky.com/5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3/results?tab=lookup
Score:
80%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/5eda01fbeee3c05f216a595c97dc74343ce244d37d318101dc16fd6c3f9763a3
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l3nad67o4paf6ilklfojpxdugq6oergtpuyycao4c36wyp4xmorq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery execution
Link:
https://tria.ge/reports/250923-sjxq2sck81/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Enumerates processes with tasklist
Checks installed software on the system
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/e0678d64-cffb-4ca5-a60d-fce158addc73
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments