MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 14


Intelligence 14 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1
SHA3-384 hash: e76461081cfad0bf3b750f825663e387d950b4592f42a6fbaa1cfd39a6daad1be80548aa1093ee28110cafa64c1c5a8d
SHA1 hash: 7cc4fa41a6aeef9ee1685cddf101cdbc0c8990f8
MD5 hash: ca9bfdd54eee2b9179a09ca6b52e8c3a
humanhash: april-jig-thirteen-sodium
File name:Booster.exe
Download: download sample
File size:108'544 bytes
First seen:2025-10-17 00:47:47 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 2c5f2513605e48f2d8ea5440a870cb9e (60 x Babadeda, 6 x AveMariaRAT, 5 x CoinMiner)
ssdeep 1536:j7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfXwKvNiJPVLOj:/7DhdC6kzWypvaQ0FxyNTBfXNliJNM
Threatray 3'068 similar samples on MalwareBazaar
TLSH T19EB39F41F3E141F7E6F1053101A6722FAB35A2349724E8DBC79C2D435913AD5AA3D3E9
TrID 36.9% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
19.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
12.4% (.EXE) Win64 Executable (generic) (10522/11/4)
7.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
5.9% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
Reporter skocherhan
Tags:exe malwaresvrmpl-netlify-app


Avatar
skocherhan
https://malwaresvrmpl.netlify.app/Booster.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
87
Origin country :
GB GB
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
Booster.exe
Verdict:
Suspicious activity
Analysis date:
2025-10-17 00:49:33 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/04d2ef18-e314-4e48-8b75-c3751f4dd0be

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/33130/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34587420.17402.2208.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68f192630cffb324429898b7
Tags:
virus shell sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Running batch commands
Launching the process to interact with network services
Launching a process
Creating a file
Сreating synchronization primitives
DNS request
Connection attempt
Sending a custom TCP request
Creating a window
Adding an exclusion to Microsoft Defender
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context bat_to_exe_converter packed packed powershell purebasic unsafe zero zusy
Link:
https://www.filescan.io/uploads/68f19260057c46a471d0610c/reports/871caffe-461c-4a4d-8ade-c07b6c5cfb7c/overview
Verdict:
Malicious
Labled as:
Dropper.Generic.BAT.Downloader.N
Link:
https://www.hybrid-analysis.com/sample/2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-09T19:11:00Z UTC
Last seen:
2025-10-17T00:52:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.Agent.sb PDM:Trojan.Win32.Generic HEUR:Trojan.MSIL.Quasar.gen Trojan.Win32.Agent.xcakfc NetTool.PowerShellUA.HTTP.C&C NetTool.PowerShellGet.HTTP.C&C HackTool.ReconScan.HTTP.ServerRequest
Link:
https://opentip.kaspersky.com/2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/7ce24527-4645-4d28-856f-e8010b70d383
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/ca9bfdd54eee2b9179a09ca6b52e8c3a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1/
Verdict:
Malicious
Threat:
Trojan.MSIL.HTTP
Link:
https://tip.neiki.dev/file/2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2025-10-09 23:16:18 UTC
File Type:
PE (Exe)
Extracted files:
3
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=evlggt2yhh7mpeovcs6fu5kp43wf3yz5otr4t34n7ptellh5xdyq._file
Verdict:
malicious
Label(s):
unc_loader_048
Create hunting rule
Similar samples:
15dab1b74bd82eb2598a93a32443678b6cc668637e593d46507f003680ef12dc
2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1
54377c4b80cf5ba0fec73f37bd9e0179e0a3b6de2fd4d97090a8dc5cff87349f
575f873a92dfc925ba8da5ad7e4f6aa6219e30086268ccc80720b86be5c13e2f
5cd245b85977f15164264ee3234214ae23c2fea51b2e113d7d1cc22150dc6ff8
661e013051ed8e72171e2a848cd9dd8c83735fc271a540f67fdeee2ece118ddc
690ca0a28e2657855d2e2f85a3da01be4d0e8f971878a7913f37a6a0f8376408
b663d0fc363e22066dc538db7a5b1be1c548e6b6120bcff4c347e0f08125b70a
e18302f0ee0e1e3a293697c37418902fa9a2127465dbd047fcc58c3f2b64dfab
error
+ 3'058 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion discovery execution
Link:
https://tria.ge/reports/251017-a52m1sdv2c/
Behaviour
Delays execution with timeout.exe
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
trojan
YARA:
SUSP_Imphash_Mar23_3
Link:
https://app.threat.zone/submission/77aea78b-05c7-469b-8da9-5e2b674a8b65
Unpacked files
SH256 hash:
2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1
MD5 hash:
ca9bfdd54eee2b9179a09ca6b52e8c3a
SHA1 hash:
7cc4fa41a6aeef9ee1685cddf101cdbc0c8990f8
Link:
https://www.unpac.me/results/0beddabe-6e16-42b2-8827-7c99c69c0a56/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:PureBasic4xNeilHodgson
Create hunting rule
Author:malware-lu
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SUSP_Imphash_Mar23_3
Create hunting rule
Author:Arnim Rupp (https://github.com/ruppde)
Description:Detects imphash often found in malware samples (Maximum 0,25% hits with search for 'imphash:x p:0' on Virustotal) = 99,75% hits
Reference:Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

1b8cd6c8af41d85a791384b7a04c8696

Executable exe 2556634f5839fec791d514bc5a754fe6ec5de33d74e3c9ef8dfbe645acfdb8f1

(this sample)

  
Dropped by
MD5 1b8cd6c8af41d85a791384b7a04c8696
  
Dropped by
MD5 6350cfe0a18698c105fbd0d0617fd5b2
  
Dropped by
MD5 b86ebcd3a6a187ac2f34e19e551894f7
  
Dropped by
MD5 8f67eab3bcb45857e29585f02cd1b39c
  
Dropped by
MD5 4e785bb7bcade87f2e5da20ac49df1a6
  
Dropped by
MD5 792ad2711fe8f96878b2000c032e5cc2
Cape
Cape
https://www.capesandbox.com/analysis/33130/

Comments