MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19
SHA3-384 hash:	0aa81b12d2ed5aabea473c29dedf615f00d065b826a010b4110050b73288a6beb88222aa1159c82028df32e2a3abb20c
SHA1 hash:	fed244980a40c0808e7735027f556295492bc242
MD5 hash:	9b1ba3f0292c2099be0fc24b911db7e2
humanhash:	colorado-quebec-august-mobile
File name:	svchost.exe
Download:	download sample
File size:	1'456'715 bytes
First seen:	2025-11-23 09:24:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4d41beacc76045fb1924c6d5c7349c25
ssdeep	24576:76Zv2l4kPQeGy3JF1e5fg/vFP75ni+cKFwdmd9HDyx1Yx2lANCPrHQ0VfgHZhIpC:7E2lVL3Ze+/F5ndjFWmrjyx1cmbbxgAg
TLSH	T1A0653333799090FCC88B5E36006DDBF59BB3AAB332B47135AFE909661C714925A1FB14
Magika	pebin
Reporter	Hexastrike
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/40505/

Detection(s):

Win.Trojan.Ulise-10005646-0

Win.Trojan.Agent-1365923

Win.Trojan.Agent-1364139

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6922dec4b6ee81118d2ca1e7

Tags:

injection dropper malex virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file in the Windows subdirectories

Creating a file in the Windows directory

Creating a process from a recently created file

Creating a process with a hidden window

Creating a window

Launching a process

Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch

Enabling autorun with the shell\open\command registry branches

Enabling autorun

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

adaptive-context evasive fingerprint overlay overlay packed

Link:

https://www.filescan.io/uploads/6922d9a96a9db4642e0e82c7/reports/2e6215e1-a2a9-46ff-9de5-0607ef7d0a32/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19

Result

Gathering data

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/9b1ba3f0292c2099be0fc24b911db7e2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19/

Threat name:

Win32.Infostealer.Tinba

Status:

Malicious

First seen:

2025-11-23 08:46:31 UTC

File Type:

PE (Exe)

AV detection:

32 of 36 (88.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oesk2yd5rudulu4rvilxye3qkuhup5lv5bphaa5ovebzahfrv4mq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

discovery persistence

Link:

https://tria.ge/reports/251123-lw6fdsymcr/

Behaviour

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Drops file in Windows directory

Drops file in System32 directory

Adds Run key to start application

Executes dropped EXE

Modifies system executable filetype association

Boot or Logon Autostart Execution: Active Setup

Verdict:

Malicious

Tags:

Win.Trojan.Ulise-10005646-0

YARA:

n/a

Link:

https://app.threat.zone/submission/3b960de3-b748-44c0-b390-2c96f4592f25

Unpacked files

SH256 hash:

7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19

MD5 hash:

9b1ba3f0292c2099be0fc24b911db7e2

SHA1 hash:

fed244980a40c0808e7735027f556295492bc242

Link:

https://www.unpac.me/results/caa3c994-f65d-4e15-add7-2caaad586375/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.72

Link:

https://yomi.yoroi.company/submissions/7124ad607d8d0745d391aa177c1370550f47f575e85e7003aea903901cb1af19

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/40505/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample