MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3
SHA3-384 hash: 3608783501e0651852cc9a8e2f9ab1c46bf56ae5c61f3b7685bfffc47ebd208916f44d1edc4ed40a920890c92482d977
SHA1 hash: 635a4e3672760df9851a616f755a60827c0baff1
MD5 hash: fd084a52d0b57f5960c1a89cd7d7e698
humanhash: speaker-fruit-connecticut-neptune
File name:file
Download: download sample
File size:386'048 bytes
First seen:2025-12-02 18:01:38 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 60559adcf3698c3eb3c69577ebf28413 (1 x njrat, 1 x DonutLoader)
ssdeep 6144:H4v+WDMdMkKB6IV3gHYZsxj4Pg8gfO1Wpou7AGWVal3vvAjWgwW0pIqM:HM+WQdMyFHYZsx8Pg3B33g2PpIq
Threatray 755 similar samples on MalwareBazaar
TLSH T1C38423D22B294FE1D1D5DEFB14D7A607AEE32C82958D942223DF994B52D1BC1833E903
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://178.16.55.189/files/8086089882/4ahvQ2R.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3.exe
Verdict:
No threats detected
Analysis date:
2025-12-02 18:02:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/21789a6c-99d2-4d2a-94ee-750d1df5c1f7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/42172/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=692f29a9264b106bd64613c8
Tags:
malware
Gathering data
Verdict:
Malicious
Labled as:
Lazy.Generic
Link:
https://www.hybrid-analysis.com/sample/1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3
Result
Gathering data
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-02T15:09:00Z UTC
Last seen:
2025-12-02T15:09:00Z UTC
Hits:
~10
Detections:
Trojan.Win64.Donut.sb Trojan.Win32.Shellcode.sb Trojan.Win64.Agentb.sb PDM:Trojan.Win32.Generic Trojan.Win64.DonutInjector.sb
Link:
https://opentip.kaspersky.com/1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/aad10d56-11c6-4810-bb04-42cf55861291
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/fd084a52d0b57f5960c1a89cd7d7e698
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3/
Verdict:
Malicious
Threat:
Family.DONUTLOADER
Link:
https://tip.neiki.dev/file/1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3
Threat name:
Win64.Backdoor.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-02 18:02:18 UTC
File Type:
PE+ (Exe)
AV detection:
12 of 36 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d22c2pexrdvj6eozcafyt43urranpycu65x42wrc4fon6xi4fkzq._file
Verdict:
malicious
Label(s):
donutloader
Create hunting rule
Similar samples:
05e784ff9230251d5cb3b55390361ab79090656b1beb408676ee2abc6009e247
0f5d52e0b104dc37a4b8832bb9a691f1f42bc90589faf62a58281a8f59a881f0
1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3
31397c64177dd2f32735196b3d31d9f60a590a0b90a8d5bd266a57e7878832b3
5264cd7cdea31afc7ca53cb75fdbcba6bccc2cd812fbd0f003f13b1935be518f
9a8057b07ef25912763b238cafed2941ac266e8b4edba123b77ab2785104d4fd
error
+ 745 additional samples on MalwareBazaar
Result
Malware family:
donutloader
Create hunting rule
Score:
  10/10
Tags:
family:donutloader loader
Link:
https://tria.ge/reports/251202-wmj6xaxrhn/
Behaviour
Detects DonutLoader
DonutLoader
Donutloader family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/7dc96820-2513-45cd-86ae-f0cac837b694
Unpacked files
SH256 hash:
1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3
MD5 hash:
fd084a52d0b57f5960c1a89cd7d7e698
SHA1 hash:
635a4e3672760df9851a616f755a60827c0baff1
Link:
https://www.unpac.me/results/8ec6b8e1-c198-4d47-ab8b-0e31c7ca39f7/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 1eb42d3c9788ea9f11d9100b89f3748c40d7e054f76fcd5a22e15cdf5d1c2ab3

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3723533/
Cape
Cape
https://www.capesandbox.com/analysis/42172/

Comments