MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26ce2660a8012a25e829d70be8ef36b2b6aa0dc7d8d10a61aeb11f75c2f77a62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 26ce2660a8012a25e829d70be8ef36b2b6aa0dc7d8d10a61aeb11f75c2f77a62
SHA3-384 hash: caf2eefba1e0e6cf3e0afdb967316682c6c3cb5216578240db5b8c1e135079c4c95c184d53cfd8e0db4ae3d2db7e9e9f
SHA1 hash: 5426bf0710c3364f8584f79012a6306a03333eae
MD5 hash: c5681a3f5f23c37b40a663b6fa42a9c3
humanhash: arizona-north-purple-hamper
File name:Installer.exe
Download: download sample
File size:92'204'544 bytes
First seen:2025-12-03 14:23:50 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:9pNzhI+nsVt6mHaIvAN6v+s4pgPVlcmgF:9DNI+nsPcN6v+A
TLSH T157187D13B3A704D5E8F7DA7496E65223A932BC062F3085DF324C47261F73AE05A76B61
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter burger
Tags:exe stealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
420
Origin country :
NL NL
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/25333af0-1a5f-463a-869d-544f40d7b030/
Malware family:
n/a
ID:
1
File name:
Installer.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-03 14:23:39 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/0fa0d667-99a0-4726-aa76-dac7b048b364

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=693047ef264b106bd6467796
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Restart of the analyzed sample
Creating a process with a hidden window
Launching a process
Creating a file
Creating a file in the %temp% directory
Using the Windows Management Instrumentation requests
Searching for synchronization primitives
Creating a process from a recently created file
DNS request
Connection attempt
Moving a recently created file
Searching for analyzing tools
Searching for the window
Сreating synchronization primitives
Sending a custom TCP request
Sending an HTTP GET request
Creating a window
Running batch commands
Connection attempt to an infection source
Unauthorized injection to a recently created process
Sending an HTTP GET request to an infection source
Adding an exclusion to Microsoft Defender
Verdict:
Suspicious
Labled as:
Trojan.Heur
Link:
https://www.hybrid-analysis.com/sample/26ce2660a8012a25e829d70be8ef36b2b6aa0dc7d8d10a61aeb11f75c2f77a62
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-03T11:42:00Z UTC
Last seen:
2025-12-04T11:58:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.Inject.sb Trojan.Win32.Inject.aquwy
Link:
https://opentip.kaspersky.com/26ce2660a8012a25e829d70be8ef36b2b6aa0dc7d8d10a61aeb11f75c2f77a62/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1825472
Signature
Joe Sandbox ML detected suspicious sample
Sigma detected: Potential WinAPI Calls Via CommandLine
Suspicious powershell command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1825472 Sample: Installer.exe Startdate: 03/12/2025 Architecture: WINDOWS Score: 52 27 Joe Sandbox ML detected suspicious sample 2->27 29 Sigma detected: Potential WinAPI Calls Via CommandLine 2->29 8 Installer.exe 1 2->8         started        11 svchost.exe 1 1 2->11         started        process3 dnsIp4 31 Suspicious powershell command line found 8->31 14 Installer.exe 1 8->14         started        17 conhost.exe 8->17         started        25 127.0.0.1 unknown unknown 11->25 signatures5 process6 signatures7 33 Suspicious powershell command line found 14->33 19 tasklist.exe 1 14->19         started        21 powershell.exe 4 14->21         started        process8 process9 23 conhost.exe 19->23         started       
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/26ce2660a8012a25e829d70be8ef36b2b6aa0dc7d8d10a61aeb11f75c2f77a62
Gathering data
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/26ce2660a8012a25e829d70be8ef36b2b6aa0dc7d8d10a61aeb11f75c2f77a62
Threat name:
Win64.Malware.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-12-03 14:23:46 UTC
File Type:
PE+ (Exe)
Extracted files:
11
AV detection:
8 of 24 (33.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=e3hcmyfiaevcl2bj24f6r3zwwk3kudoh3diquynowepxlqxxpjra._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/251203-rqzzbadk4s/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/46d98d65-0581-47c0-b6c3-fbf727a2bcb6
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments