MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70
SHA3-384 hash: c34b3a9c37d57e71e39ec4fc066c00cfdffc664039c61ec467069554ee2abcf392bf241a9a9770ab7116746aae5dd0bf
SHA1 hash: 56f238db5eb49c267bcec713390be6959241db8d
MD5 hash: 3f69857166135cb050f950344a3cb9f6
humanhash: uncle-mississippi-asparagus-nevada
File name:038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70
Download: download sample
File size:80'848'917 bytes
First seen:2026-03-01 09:15:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 957d237db44af201299a1e8ffc6df035
ssdeep 786432:a5EosxTUU8XOkBKgPQYYURVjBWV1CVucwoz3fEUhWABRWYF3eKE6Av0kdIhc/4kl:a6oslbkJrYURVjBK1C9PvWIOYAvldIGl
TLSH T18508D01663A116AAD97BD1388AAB6503EB73B4071330C7DF329C43712F63AE45D7A760
TrID 38.2% (.EXE) Win64 Executable (generic) (6522/11/2)
26.4% (.EXE) Win32 Executable (generic) (4504/4/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.7% (.EXE) Generic Win/DOS Executable (2002/3)
11.7% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags:exe kurdishmyth

Intelligence

File Origin
# of uploads :
1
# of downloads :
120
Origin country :
IT IT
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/9550caf3-780d-4de7-ae38-a497f8dc1915/
Malware family:
n/a
ID:
1
File name:
_038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70.exe
Verdict:
Malicious activity
Analysis date:
2026-03-01 09:20:53 UTC
Tags:
nodejs anti-evasion discord
Link:
https://app.any.run/tasks/5f03cda8-f67a-4886-9200-7c21750f1cae

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a404028fffa866e3b3a255
Tags:
n/a
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
expand lolbin microsoft_visual_cc overlay packed pkg
Link:
https://www.filescan.io/uploads/69a403ee10e80629d4f7334f/reports/b397254e-b4fa-4068-9582-b8c73a24b090/overview
Verdict:
Suspicious
Labled as:
Trojan.Stealer.Win64
Link:
https://www.hybrid-analysis.com/sample/038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70
Result
Gathering data
Verdict:
Unknown
File Type:
Link:
https://opentip.kaspersky.com/038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70/results?tab=lookup
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/038de133c7851de6114b5df6d19bbe8815a977c488b6efd50f050e013f2fff70
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aog6cm6hquo6mekllx3ndg56rak2s56erc3o7vipauhacpzp75ya._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion execution spyware stealer
Link:
https://tria.ge/reports/260301-k85h7aht5a/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Kills process with taskkill
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments