MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02
SHA3-384 hash: b686d75c7734745de53ad9ff98caa62d0cf45c749a18c02969d1b025038564867a7e0335901b16c803e016a704888f38
SHA1 hash: 7fb9b58f12e9ad44bef20385725fd6e1dda140e8
MD5 hash: ac6142180d5ea7063019df089baa9dc1
humanhash: chicken-muppet-beer-arizona
File name:file
Download: download sample
File size:2'430'976 bytes
First seen:2025-10-30 23:51:48 UTC
Last seen:2025-10-31 10:32:12 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:YShL12KM4aXU/MAJBYrp0Wg6HaQgmQu1Jkc5SVyZcPbDeFEFNbzvVw1fLem:YSf2K/kAkrpNg6pQktS0SPuFWVw1fLem
TLSH T1A2B5333CFD829985EE7507F2E80419EFA4AAC621975F0B953D46845817E2E3B70D33E8
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://178.16.55.189/files/5900855435/lZq6RaQ.exe

Intelligence

File Origin
# of uploads :
6
# of downloads :
106
Origin country :
US US
Vendor Threat Intelligence
Malware family:
vidar
Create hunting rule
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2025-10-30 23:53:55 UTC
Tags:
stealer stealc vidar xor-url generic themida
Link:
https://app.any.run/tasks/798ce01a-468e-4834-bfd1-23cfe8a1cd61

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/34864/
Detection(s):
SecuriteInfo.com.Trojan.Lumma-1.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6903fa4b9942f1282ecab8d7
Tags:
n/a
Result
Verdict:
Suspicious
Maliciousness:

Behaviour
Сreating synchronization primitives
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Behavior that indicates a threat
Launching a service
Gathering data
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02
Verdict:
Clean
File Type:
exe x64
First seen:
2025-10-30T21:20:00Z UTC
Last seen:
2025-11-01T14:04:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/fc4a2c8e-de46-4514-81e8-3a6a80a9a959
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/ac6142180d5ea7063019df089baa9dc1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02/
Verdict:
Malicious
Threat:
Family.STEALC
Link:
https://tip.neiki.dev/file/20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-10-30 23:52:21 UTC
File Type:
PE+ (Exe)
Extracted files:
1
AV detection:
23 of 38 (60.53%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ednhccjsehfh2sy6dh4l2z4gpu4ndk5unh4mtpks73uha5huxyba._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion spyware trojan
Link:
https://tria.ge/reports/251030-3w1ctadr6s/
Behaviour
Modifies system certificate store
Checks BIOS information in registry
Unpacked files
SH256 hash:
20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02
MD5 hash:
ac6142180d5ea7063019df089baa9dc1
SHA1 hash:
7fb9b58f12e9ad44bef20385725fd6e1dda140e8
Link:
https://www.unpac.me/results/337ec146-1bb4-4099-bd36-2c3bbd2ddfbd/
Malware family:
Vidar
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/20da71093221/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 20da71093221ca7d4b1e19f8bd67867d38d1abb469f8c9bd52fee87074f4be02

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/34864/
  
URLhaus
https://urlhaus.abuse.ch/url/3668639/

Comments