MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 14a6692aee5a2b4336d0688f785c4757e27c98b01aa235a3677d16de366ec92c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Adware.Techsnab

Vendor detections: 12

SHA256 hash: 14a6692aee5a2b4336d0688f785c4757e27c98b01aa235a3677d16de366ec92c
SHA3-384 hash: eaa2a0a874b0b99493f9e4b643044a7f2a41e4320e38d1b454eeb01021622f3105ef7e7848d576950e4bd57c152d0d31
SHA1 hash: 9a9567e35648441069f5792f0e97a487e77e6ca4
MD5 hash: e246a217dae38c4026cac1e5670ded36
humanhash: crazy-double-neptune-kansas
File name: file
Signature: Adware.Techsnab
File size: 1'067'520 bytes
First seen: 2025-11-01 22:25:43 UTC
Last seen: 2025-11-05 09:18:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
ssdeep: 12288:MvUZAyeKAoScRH+s3zWx0jGfTuoZ2rciMxJM3TwO8dm1GuTicT+uqWMf3lk2C:M8ZAy3AoV4x0jGfTlici2tiGuTDMbC
TLSH: T148356B12A3F84A61F1BB6638957297169B317C44AB31CBCF02A0D06D2DB3BD09E35767
TrID: 39.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
      24.9% (.EXE) Win64 Executable (generic) (10522/11/4)
      11.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
      4.9% (.EXE) Win16/32 Executable Delphi generic (2072/23)
      4.8% (.ICL) Windows Icons Library (generic) (2059/9)
Magika: pebin
Reporter: Bitsight
Tags: 178-16-53-180 Adware.Techsnab dropped-by-amadey exe fbf543


Bitsight
url: http://178.16.55.189/files/5638395652/Vo7vnUB.exe

Intelligence

File Origin
# of uploads: 4
# of downloads: 123
Origin country: US
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: file
Verdict: Suspicious activity
Analysis date: 2025-11-01 22:27:55 UTC
Tags: discord exfiltration stealer github api-base64 wmi-base64

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 93.3%
Tags: malware

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
DNS request
Connection attempt
Sending a custom TCP request
Connecting to a non-recommended domain
Sending an HTTP GET request
Creating a file
Gathering data

Verdict: Malicious
File Type: exe x64
First seen: 2025-11-01T20:57:00Z UTC
Last seen: 2025-11-03T10:28:00Z UTC
Hits: ~10
Detections: UDS:DangerousObject.Multi.Generic

Verdict: inconclusive
YARA: 5 match(es)
Tags: .Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.19 Win 64 Exe x64

Verdict: Malicious
Threat: ByteCode-MSIL.Infostealer.DiscordStealer

Threat name: Win64.Trojan.Amadey
Status: Suspicious
First seen: 2025-11-01 22:27:43 UTC
File Type: PE+ (.Net Exe)
Extracted files: 25
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Verdict: malicious
Label(s): donutloader
Similar samples:

Result
Malware family: n/a
Score: 6/10
Tags: n/a

Behaviour
Suspicious use of AdjustPrivilegeToken
Legitimate hosting services abused for malware hosting/C2

Unpacked files
SHA256 hash: 14a6692aee5a2b4336d0688f785c4757e27c98b01aa235a3677d16de366ec92c
MD5 hash: e246a217dae38c4026cac1e5670ded36
SHA1 hash: 9a9567e35648441069f5792f0e97a487e77e6ca4

SHA256 hash: 6b9720c135e62c506f3114d4604b8279914c2ce4ad67676b2f14b5b4138eb450
MD5 hash: 1c0060c9bd619ebc4632d906e0b30911
SHA1 hash: aae91fdd15c1e9d035ffab07c1b059eafefef127

SHA256 hash: 98b17554d53cc804686af91689cd0790c8f0d81148af4180ddeadef7982bfc4e
MD5 hash: 1bae26e852326adb07332394f79fc715
SHA1 hash: e5d58e6b43cd2a4ec4c8ddbe5a007d6c64e797c2

SHA256 hash: d658cbcee9cb52f8c91110934190b8fc81592238abc09d7dcdf1b4e338b8a36e
MD5 hash: 6610f5e0c3af7dee94999842adead034
SHA1 hash: 11db527ff5c8b5623bc011712742c44118d634b1

SHA256 hash: 209001fe2d1bf02b587b746d6d9a130d0ee9b237a8943749ec32aac11ad6080a
MD5 hash: 7bf62855c98041a96b665f0c120ee7a1
SHA1 hash: 8924fc06bd3006917b842de484831852481aeca5

SHA256 hash: d6e42a3644581856dba77d0f66420879c4e22fd1d1babf56074313f645e4c2c4
MD5 hash: 464bd8e7a94cf17de8dba0aca628bfce
SHA1 hash: 5becb1f8d16908ab9877cf223e7f4b0a17b89e6e

Malware family: DeerStealer
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: pe_no_import_table
Description: Detects PE files that have no import table

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD commands that can be abused by a threat actor (can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download | Adware.Techsnab | Executable exe | 14a6692aee5a2b4336d0688f785c4757e27c98b01aa235a3677d16de366ec92c (this sample)

Dropped by: Amadey
Delivery method: Distributed via web download

Comments