MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 13


Intelligence 13 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7
SHA3-384 hash: 25776b9a621664e52a51cc970db745833591f49771406ab09fcb0a1c07d09fa2eaca9b749e563d6d60be8d79080491f8
SHA1 hash: 626dece5742ddb19450267a7cb77468c9159e300
MD5 hash: 1a299e0d06c794b2a87bd6be9c633857
humanhash: helium-comet-colorado-sodium
File name:SecuriteInfo.com.Win64.MalwareX-gen.48466563
Download: download sample
File size:29'696 bytes
First seen:2025-11-28 20:42:40 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4b2df774f65211b4962a056c4da67248
ssdeep 768:3SyJIBSNxAq1/VPRMzZhSM9og1gsNhu9sCWI:3hI5o2zsa7u9UI
TLSH T108D2D00751902F38FAFC09369F3A9955203DB8365FB6C3989B62544E68D0443BDBCBE1
TrID 63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12)
24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6)
4.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.8% (.ICL) Windows Icons Library (generic) (2059/9)
1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe UPX
File size (compressed) :29'696 bytes
File size (de-compressed) :61'952 bytes
Format:win64/pe
Unpacked file: db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

Intelligence

File Origin
# of uploads :
1
# of downloads :
85
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
Setup.exe
Verdict:
Malicious activity
Analysis date:
2025-11-28 19:38:32 UTC
Tags:
loader auto sliver framework stealer purecrypter purelogs payload silverfox backdoor valley winos rat metastealer redline exfiltration purehvnc meduza netreactor github ta558 apt stegocampaign reverseloader valleyrat evasion phishing nanocore upx
Link:
https://app.any.run/tasks/6e2b3a50-83b0-4e79-9355-50fa6dd70af3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/41739/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=692a09646657e3433281f265
Tags:
autorun virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sending a custom TCP request
DNS request
Enabling autorun by creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug barys crypto packed packed packed upx
Link:
https://www.filescan.io/uploads/692a09602cd29ea6300306b8/reports/1812c3ad-40ea-49c7-8c32-68031d65555a/overview
Verdict:
Malicious
Labled as:
Trojan[Ransom]/MSIL.HiddenTear
Link:
https://www.hybrid-analysis.com/sample/13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-11-28T16:55:00Z UTC
Last seen:
2025-11-28T17:24:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/694e3662-5daf-460d-b32a-d63ba21e1932
Score:
98%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/1a299e0d06c794b2a87bd6be9c633857
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7/
Threat name:
Win64.Trojan.Barys
Create hunting rule
Status:
Malicious
First seen:
2025-11-28 20:43:15 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
20 of 36 (55.56%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cmmz273py2nios5vroww5vj5ouqo54flatceqn6xwxojoh3lk7dq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
upx
Link:
https://tria.ge/reports/251128-zhm9js1mal/
Behaviour
UPX packed file
Drops startup file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d6e796dc-409e-4fb6-84c9-b5f86abe9f6a
Unpacked files
SH256 hash:
13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7
MD5 hash:
1a299e0d06c794b2a87bd6be9c633857
SHA1 hash:
626dece5742ddb19450267a7cb77468c9159e300
Link:
https://www.unpac.me/results/197aa9d0-4f76-498f-be91-9ec6e0dc1b5d/
SH256 hash:
db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a
MD5 hash:
10fdc469222762be86798d6aeb7b63ca
SHA1 hash:
09277993e858e04bb7f94dff37757ddcdf093e7c
Link:
https://www.unpac.me/results/197aa9d0-4f76-498f-be91-9ec6e0dc1b5d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 13199d7f6fc69a874bb58bad6ed53d7520eef0ab04c44837d7b5dc971f6b57c7

(this sample)

Executable exe db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a

  
URLhaus
https://urlhaus.abuse.ch/url/3718974/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/41739/
  
Dropping
SHA256 db997aea67bd2b1c44197611ae6d796deeab488b92b2d2c6140e66eb0604272a
  
Dropping
MD5 10fdc469222762be86798d6aeb7b63ca

Comments