MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 2 File information Comments

SHA256 hash:	24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e
SHA3-384 hash:	bde7d948ad6a3199594d0101f235f28df33bf2f4d2fbe6db862b91aa975382d4af3ead24e0849c1c1a9747eb73406b8a
SHA1 hash:	6c94321b802e00388b9863acd8c72005ca4d7e28
MD5 hash:	1ef84563cd9f50994e0a8e3b026e2ee6
humanhash:	mockingbird-lake-william-massachusetts
File name:	rREVISEDEPDAforNOVEMBER28-UPDATED_STATEMENT_.exe
Download:	download sample
File size:	675'840 bytes
First seen:	2026-01-12 02:30:06 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	12288:Y6ITnLIPgi75s6TZ8kYS1BCPQpmxvgpIFTTEnusaLUHxfNV:6MIM5bCS/CZg8TEj/HD
Threatray	240 similar samples on MalwareBazaar
TLSH	T113E40158220EDD02C8511FB40972E3B86B788EEDE951D347DFF97EDFF92AA545840282
TrID	56.5% (.EXE) Win64 Executable (generic) (10522/11/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	FXOLabs
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

129

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

rREVISEDEPDAforNOVEMBER28-UPDATED_STATEMENT_.exe

Verdict:

No threats detected

Analysis date:

2026-01-12 02:30:37 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/a5418f0f-c8e0-4f58-809d-11e62ea18cbd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/48573/

Detection(s):

Porcupine.Trojan.PSW.MSIL.Agensla.gen.482949.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69645cd2a3ed2a87ae3e6eb2

Tags:

malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

DNS request

Unauthorized injection to a recently created process

Restart of the analyzed sample

Searching for synchronization primitives

Creating a file

Launching the default Windows debugger (dwwin.exe)

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

krypt masquerade packed vbnet

Link:

https://www.filescan.io/uploads/69645cce07ef5fa68e84c5c0/reports/7de65e83-9d92-4444-ab04-fac0142275ff/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_60%

Link:

https://www.hybrid-analysis.com/sample/24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-01-11T23:12:00Z UTC

Last seen:

2026-01-13T14:59:00Z UTC

Hits:

~1000

Detections:

Trojan-PSW.MSIL.Agensla.g Trojan.MSIL.Taskun.sb Trojan.MSIL.Crypt.sb HEUR:Trojan-Spy.MSIL.Agent.sb HEUR:Trojan-PSW.MSIL.Agensla.gen HEUR:Trojan.MSIL.Injector.gen Trojan-PSW.Win32.Disco.sb Trojan-PSW.MSIL.Agensla.sb

Link:

https://opentip.kaspersky.com/24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/80ada7c5-8d74-45fa-a5a1-d98aaf6c8f90

Score:

96%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.30 Win 64 Exe x64

Link:

https://app.malva.re/file/1ef84563cd9f50994e0a8e3b026e2ee6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e/

Verdict:

Malicious

Threat:

Trojan-PSW.MSIL.Agensla

Link:

https://tip.neiki.dev/file/24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e

Threat name:

Win64.Trojan.PureLogStealer

Status:

Malicious

First seen:

2026-01-12 01:53:42 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

16 of 24 (66.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=etjgjrnxo6tkdgmrnkt27izosi2yvkorhzuvanncwgbil6wnvmha._file

Verdict:

malicious

Label(s):

unc_loader_078

5a0b5dc86cd2a408434f885be7c44ae25ac4e3b7320da9737119f81183be9dba

7da365ee6fe68f361e5c9186af3ff4a91901f409ea28dd72e20d192e6f7880ab

a19f4c04fad3b4dc95575d3f3b2a4fdfd75556e2c79dd64a08d6e035ea92fda1

ec595bacfb1aede541f76c88ef83d2d43aab06d7379ab78841c2d8740358543a

error

+ 230 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

5/10

Tags:

n/a

Link:

https://tria.ge/reports/260112-czgf1aay4d/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of SetThreadContext

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/74fd2ed1-d1b6-4448-b05c-b3ca3aa996ca

Unpacked files

SH256 hash:

24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e

MD5 hash:

1ef84563cd9f50994e0a8e3b026e2ee6

SHA1 hash:

6c94321b802e00388b9863acd8c72005ca4d7e28

Link:

https://www.unpac.me/results/b0e7ff91-2bb3-406b-8c7c-2c411fb09bc1/

Malware family:

AgentTesla

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/24d264c5b777/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.49

Link:

https://yomi.yoroi.company/submissions/24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

exe 24d264c5b777a6a199916aa7afa32e92358aa9d13e695035a2b18285facdab0e

(this sample)

Delivery method

Distributed via e-mail attachment

Cape

https://www.capesandbox.com/analysis/48573/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample