MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9
SHA3-384 hash: 25d5604d0f5db80d085ff68fcdc5652622d6b7d565355b57e346ce0e33762b3038c34b0bda7b59318f8e7f7c9407479a
SHA1 hash: 49eb8200eda2aacc2a2ed780e339df97ef13a4d9
MD5 hash: 71fb82d669db05de8874268c3fcfceeb
humanhash: burger-arizona-kentucky-johnny
File name:2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9
Download: download sample
File size:80'857'593 bytes
First seen:2026-03-01 09:14:19 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 957d237db44af201299a1e8ffc6df035
ssdeep 786432:a5EosxTUU8XOkBKgPDlURVQp2WV1CVuVwoz3f4JMuBRWYF3eKKYdiaIFXEE9eW:a6oslbkJxURVQp2K1C6PIM6Oud20y
TLSH T18908E01663A116AAD97BD1388AAB6503EB73B4071330C7DF329C43712F63AE45D7A760
TrID 38.2% (.EXE) Win64 Executable (generic) (6522/11/2)
26.4% (.EXE) Win32 Executable (generic) (4504/4/1)
11.8% (.EXE) OS/2 Executable (generic) (2029/13)
11.7% (.EXE) Generic Win/DOS Executable (2002/3)
11.7% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
dhash icon f89efcf8f971f2e0 (10 x NodeLoader, 9 x FixStealer, 6 x Amadey)
Reporter JAMESWT_WT
Tags:exe kurdishmyth MythJs

Intelligence

File Origin
# of uploads :
1
# of downloads :
132
Origin country :
IT IT
Vendor Threat Intelligence
Gathering data
Malware family:
n/a
ID:
1
File name:
2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9
Verdict:
Malicious activity
Analysis date:
2026-03-01 09:21:58 UTC
Tags:
nodejs anti-evasion discord stealer susp-powershell generic ims-api
Link:
https://app.any.run/tasks/791f62b0-b9c8-4de5-9906-3a3093b0b90f

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a403d6c950ab5d9ab2df30
Tags:
n/a
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
expand lolbin microsoft_visual_cc overlay packed pkg
Link:
https://www.filescan.io/uploads/69a403bbd967dbda74ef7dff/reports/bfe47145-b6b7-4a6a-9dc6-b2c0316bef33/overview
Verdict:
Suspicious
Labled as:
Trojan.Stealer.Win64
Link:
https://www.hybrid-analysis.com/sample/2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9
Verdict:
Malicious
File Type:
exe x64
Detections:
Trojan.Win64.Agent.smfpma
Link:
https://opentip.kaspersky.com/2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9/results?tab=lookup
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/2419ab809a939f9cdaa1de70b1a520e9b238a029d7c490f0aac76727f42a21b9
Threat name:
Win64.Trojan.Redirector
Create hunting rule
Status:
Malicious
First seen:
2026-02-28 00:42:25 UTC
File Type:
PE+ (Exe)
Extracted files:
13
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eqm2xae2sopzzwvb3zyldjja5gzdribj27cjb4fky5tsp5bkeg4q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion execution spyware stealer
Link:
https://tria.ge/reports/260301-k79frahs8f/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Kills process with taskkill
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Checks BIOS information in registry
Loads dropped DLL
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments