MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 14


Intelligence 14 IOCs YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a
SHA3-384 hash: 8bbe2457e14dc06c4ce3fd0076f5d4b34289ac5f553f7d32093247e4797d024f48ef0a46b59658ea8e56c365ab396f38
SHA1 hash: b38a553d288a0d6cc9dc6c66105af5505d016cea
MD5 hash: b61cc4b9473acc7ba220ac0de403b0f2
humanhash: seven-ceiling-social-august
File name:SecuriteInfo.com.Trojan.Siggen31.60008.22823.13355
Download: download sample
File size:678'912 bytes
First seen:2025-10-05 14:22:21 UTC
Last seen:2025-10-05 15:18:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'652 x AgentTesla, 19'463 x Formbook, 12'204 x SnakeKeylogger)
ssdeep 12288:fz3PJM5sAkUJ8pK3pOyyH3XyXL4t2y5SVRmtqfUJ0Gd1q0qDXaFflDjpCAGZBNnn:f7hMf8pupOyyH3Xy7LyCG5FqDaFflJYb
Threatray 9 similar samples on MalwareBazaar
TLSH T117E4DFE6134FB221D39ECCFE809D7B850AA267ED8B76F74AD19861BF4C085D6160740E
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
59
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Siggen31.60008.22823.13355
Verdict:
Malicious activity
Analysis date:
2025-10-05 14:56:10 UTC
Tags:
anti-evasion stealer
Link:
https://app.any.run/tasks/70cf137e-8bbc-404b-91fa-74044f5d7fc0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/30626/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e27ff86bc7e25d18cbff6b
Tags:
packed virus msil
Result
Verdict:
Malware
Maliciousness:

Behaviour
Launching a process
Searching for synchronization primitives
Launching the default Windows debugger (dwwin.exe)
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
crypt obfuscated obfuscated packed packed packer_detected smartassembly smart_assembly
Link:
https://www.filescan.io/uploads/68e282525a3bccf09eb886ba/reports/a79db08a-36e9-43c4-b184-3679961cb09f/overview
Verdict:
Malicious
Labled as:
Jalapeno.Generic
Link:
https://www.hybrid-analysis.com/sample/1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-30T03:37:00Z UTC
Last seen:
2025-10-07T12:44:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a/results?tab=lookup
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/2f85e993-a2ab-4a32-b5cf-ea3335e35f4e
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a
Verdict:
inconclusive
YARA:
11 match(es)
Tags:
.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.42 Win 32 Exe x86
Link:
https://app.malva.re/file/b61cc4b9473acc7ba220ac0de403b0f2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a/
Threat name:
Win32.Trojan.StealerPacker
Create hunting rule
Status:
Malicious
First seen:
2025-09-30 15:34:20 UTC
File Type:
PE (.Net Exe)
AV detection:
26 of 38 (68.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dt2bx3ngguvglj7k5uuzf3uckmglkbcldiilnbtcr7g4wfpxfyva._file
Verdict:
malicious
Label(s):
rhadamanthys
Create hunting rule
Similar samples:
0d62e2a8839487357b389dfd2e65d085d19eb3a73f5cc35a575babca9c7b2611
1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a
6a53e1b4849109ad37748e22218d2bc34c1e5e8601cb4c6fa8eb42b3e6674d01
7a367da940964404bcef9ab9040077196078ed164fdc8f7ec14afe51cedd1ea2
b53080d417c8ca9b6e0bb9b038074bd2e8186ad902462e98fa420f68407b56db
cde4f6da8f99a183f25f737f3cb4123f68e020e066dc8dedd77c95fd7abd84b1
error
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery
Link:
https://tria.ge/reports/251005-rx8j2azpx2/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f4e3ae6d-61df-4369-b410-cf755e9b238e
Unpacked files
SH256 hash:
1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a
MD5 hash:
b61cc4b9473acc7ba220ac0de403b0f2
SHA1 hash:
b38a553d288a0d6cc9dc6c66105af5505d016cea
Link:
https://www.unpac.me/results/38a296f3-354d-44a9-a707-a4b325a8772f/
SH256 hash:
5a35c18a6168aecd0f9b8b58402fdcdd2cf799586c7a408f85e481c2ab5e1ecb
MD5 hash:
46625d01d4f4d49906540837acf97933
SHA1 hash:
ec092450d9dc9fca91717246dceee146d92a0213
Link:
https://www.unpac.me/results/38a296f3-354d-44a9-a707-a4b325a8772f/
Malware family:
Rhadamanthys
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/1cf41beda635/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:cobalt_strike_tmp01925d3f
Create hunting rule
Author:The DFIR Report
Description:files - file ~tmp01925d3f.exe
Reference:https://thedfirreport.com
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:INDICATOR_EXE_Packed_SmartAssembly
Create hunting rule
Author:ditekSHen
Description:Detects executables packed with SmartAssembly
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1cf41beda6352a65a7eaed2992ee82530cb5044b1a10b686628fcdcb15f72e2a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3657728/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/30626/

Comments