MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 207fa692624885fcb2a3fb9730d9ad56966caee49d2ea9c409e8a58e05e8127a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 207fa692624885fcb2a3fb9730d9ad56966caee49d2ea9c409e8a58e05e8127a
SHA3-384 hash: 233cc6a45407f61d834ee575368f597e5cc135ae9bee269717446e80063254b97c9b311200b6bb5060732859bc0307d3
SHA1 hash: cb48470ab07b50b2bdda3868d1fec9b8b1b8d96f
MD5 hash: 9afd9eb4460b301174e2a5f7d5f9c707
humanhash: east-kansas-jupiter-freddie
File name:javaws.exe
Download: download sample
File size:93'672'955 bytes
First seen:2026-05-19 20:18:16 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (575 x GuLoader, 128 x RemcosRAT, 83 x EpsilonStealer)
ssdeep 1572864:ZejOYf03PwDdsoMxscxOXCY5gVePQz4/I29s8eZZnZCqJlEjGL11rPZ7:Z4xDd91QkRO/vgqJiS1xB7
TLSH T1EB2833C0651EBD38C3A3C53A7196597D9B5FCCC944E681BDAC92D030BADC922A709F1B
TrID 50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win64 Executable (generic) (6522/11/2)
8.1% (.EXE) Win16 NE executable (generic) (5038/12/1)
7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon b2a89c96a2cada72 (2'283 x Formbook, 981 x Loki, 803 x AgentTesla)
Reporter BlinkzSec

Intelligence

File Origin
# of uploads :
1
# of downloads :
71
Origin country :
RO RO
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/4c23c207-1aeb-43cb-9233-8e0faba8572a/
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
No threats detected
Analysis date:
2026-05-19 20:24:14 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7782cdd4-6546-4a43-bc31-51363ccd82bf

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0cc5aa4f2b29ce04017310
Tags:
vmdetect extens sage blic
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Searching for the window
Sending a custom TCP request
Сreating synchronization primitives
Creating a process from a recently created file
Creating a window
Searching for synchronization primitives
DNS request
Connection attempt
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Running batch commands
Creating a process with a hidden window
Launching a process
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/207fa692624885fcb2a3fb9730d9ad56966caee49d2ea9c409e8a58e05e8127a
Score:
83%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/207fa692624885fcb2a3fb9730d9ad56966caee49d2ea9c409e8a58e05e8127a
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/207fa692624885fcb2a3fb9730d9ad56966caee49d2ea9c409e8a58e05e8127a
Threat name:
Win32.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-05-19 20:06:34 UTC
File Type:
PE (Exe)
Extracted files:
3856
AV detection:
5 of 36 (13.89%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eb72netcjcc7zmvd7oltbwnnk2lgzlxetuxktraj5csy4bpicj5a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery execution linux spyware stealer
Link:
https://tria.ge/reports/260519-y3ra9scv3z/
Behaviour
Kills process with taskkill
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Contacts third-party web service commonly abused for C2
Looks up external IP address via web service
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 207fa692624885fcb2a3fb9730d9ad56966caee49d2ea9c409e8a58e05e8127a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3850222/
  
Delivery method
Distributed via web download

Comments