MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed
SHA3-384 hash:	396f94a95ec1c0f4250ffe6959824137280709aee7959ad3a8cc374b905fb9c726503812243085c920d1e85ac931c8be
SHA1 hash:	2c732d4ed42332996437c7f363e7eb71005c5de6
MD5 hash:	fc3c26e0ad9ea5622bef527c5b2c553e
humanhash:	sweet-nuts-bacon-speaker
File name:	fc3c26e0ad9ea5622bef527c5b2c553e.exe
Download:	download sample
File size:	13'517 bytes
First seen:	2026-02-04 09:34:57 UTC
Last seen:	2026-02-04 10:26:52 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'754 x AgentTesla, 19'661 x Formbook, 12'252 x SnakeKeylogger)
ssdeep	192:rJqYMZI8pv6ibECRconrdb/iv1r1HW1199Cbs41QzJVIv+IoUMqnhX7s6Za:wY8xp93rdb/iv1R21199CbedcHoSB8
TLSH	T150521A08A748427EC6BE0B759CB397044678E38B9903EF8F6DCC91CE5E26BD946117D2
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10522/11/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	abuse_ch
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

103

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

fc3c26e0ad9ea5622bef527c5b2c553e.exe

Verdict:

No threats detected

Analysis date:

2026-02-04 09:36:06 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/8f848249-fc2d-4a5d-8c2d-2ab553d8f4cb

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/51637/

Detection(s):

SecuriteInfo.com.Trojan.Siggen32.21082.22233.27153.UNOFFICIAL

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=698312dc6b1af47db72cae46

Tags:

injection micro

Verdict:

Malicious

Labled as:

IL:Trojan.MSILZilla

Link:

https://www.hybrid-analysis.com/sample/26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed

Result

Gathering data

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-01-31T03:59:00Z UTC

Last seen:

2026-01-31T04:23:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/25e5cd33-4897-49c3-af68-60a5ba05fbf4

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1863129

Signature

Antivirus / Scanner detection for submitted sample

Joe Sandbox ML detected suspicious sample

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

76%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed

Verdict:

inconclusive

YARA:

9 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.33 Win 32 Exe x86

Link:

https://app.malva.re/file/fc3c26e0ad9ea5622bef527c5b2c553e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed/

Verdict:

Malicious

Threat:

DangerousObject.Multi

Link:

https://tip.neiki.dev/file/26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed

Threat name:

ByteCode-MSIL.Trojan.Stormkitty

Status:

Malicious

First seen:

2026-01-31 08:42:22 UTC

AV detection:

25 of 38 (65.79%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=e2bi6ixtyik7vbkrzt2tfrcs5ehusxt7cfowuum6oqis4gmipdwq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/260204-lkg9escs7c/

Behaviour

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed

MD5 hash:

fc3c26e0ad9ea5622bef527c5b2c553e

SHA1 hash:

2c732d4ed42332996437c7f363e7eb71005c5de6

Link:

https://www.unpac.me/results/e2d6ba89-2eb2-49d4-bdd8-aa0854fbd812/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.77

Link:

https://yomi.yoroi.company/submissions/26828f22f3c215fa8551ccf532c452e90f495e7f115d6a519e74112e198878ed

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/51637/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample