MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 273e1b62d3782e610890ad9ca69ab7afa99e108b63eb41b0e455bc23630f4b68. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 14
| SHA256 hash: | 273e1b62d3782e610890ad9ca69ab7afa99e108b63eb41b0e455bc23630f4b68 |
|---|---|
| SHA3-384 hash: | b059fc4cb38ad76458d145f77995f5aed0746ad4999107eb9aad6a3d64d3bd4d2e5ac98dc3b5226c4b8db91eb66ad312 |
| SHA1 hash: | a02b335ffe6c99454ae08de1dfdb38efec22c690 |
| MD5 hash: | 71ffc45de1b20afa7ea805363fd6a875 |
| humanhash: | mars-mississippi-stream-idaho |
| File name: | file |
| File size: | 2'353'737 bytes |
| First seen: | 2026-02-27 05:25:31 UTC |
| Last seen: | 2026-02-27 06:24:40 UTC |
| File type: | |
| MIME type: | application/x-dosexec |
| imphash: | f6baa5eaa8231d4fe8e922a2e6d240ea (61 x CoinMiner, 22 x DCRat, 15 x LummaStealer) |
| ssdeep: | 49152:IgwRSbll6MeivssIUvFoOere1vPlIulCJDnk5ihQIup2T:IgwRSbL6MeivsmiOse1UJQ58yg |
| Threatray: | 25 similar samples on MalwareBazaar |
| TLSH: | T1C0B5335172F8C0FCF8681A3101459B622A3AAE111B3585C3FFAC3D9592B36D7D9363CA |
| TrID: | 42.7% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 16.8% (.EXE) Win64 Executable (generic) (6522/11/2) 13.0% (.EXE) Win16 NE executable (generic) (5038/12/1) 11.6% (.EXE) Win32 Executable (generic) (4504/4/1) 5.2% (.EXE) OS/2 Executable (generic) (2029/13) |
| Magika: | pebin |
| Reporter | |
| Tags: | dropped-by-amadey exe fbf543 |
Intelligence
File Origin
# of uploads: 13
# of downloads: 136
Origin country: US
Vendor Threat Intelligence
Malware configuration found for: Archives
Details:
Archives: an extracted 7-zip archive from the overlay data and SFX commands
Archives: extracted archive contents
Malware family: n/a
ID: 1
File name: _273e1b62d3782e610890ad9ca69ab7afa99e108b63eb41b0e455bc23630f4b68.exe
Verdict: Malicious activity
Analysis date: 2026-02-27 05:27:05 UTC
Tags: auto-reg everything tool auto generic smb ransomware
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection: n/a
Verdict: Malicious
Score: 92.5%
Tags: infosteal rapid
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context fingerprint installer installer keylogger masquerade microsoft_visual_cc obfuscated overlay ransomware
Verdict: Malicious
Labeled as: Win/grayware_confidence_90%
Verdict: Malicious
File Type: exe x32
Detections: HEUR:Trojan-Ransom.Win32.Generic
Malware family: SalatStealer
Verdict: Malicious
Score: 83%
Verdict: Malware
File Type: PE
Verdict: Malicious
Threat: Trojan-Ransom.Win32
Threat name: Win32.Ransomware.Pay2Key
Status: Suspicious
First seen: 2026-02-27 05:26:20 UTC
File Type: PE (Exe)
Extracted files: 15
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Detection(s): Suspicious file
Verdict: malicious
Label(s): hacktool_defendnot
Similar samples: 15 additional samples on MalwareBazaar
Malware family: n/a
Score: 7/10
Tags: discovery execution upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
UPX packed file
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Executes dropped EXE
Unpacked files
| SHA256 hash | MD5 hash | SHA1 hash |
|---|---|---|
| 273e1b62d3782e610890ad9ca69ab7afa99e108b63eb41b0e455bc23630f4b68 | 71ffc45de1b20afa7ea805363fd6a875 | a02b335ffe6c99454ae08de1dfdb38efec22c690 |
| 2a36b00297ee9c50fea6c122152b678f4751e4c0d1466bc03e5f39bbaa41b798 | a2a8ef7878b8389a6c1694977588e6c2 | a85a72e0c810d957b0b4abed58145fe2218a492d |
| b6301160d2cceb9df1bb2d0548d65c31ecc38b694fa5efe67899935f19870fce | 46857dedd8ea45006ec3ebff24739f8b | 47bd7d9f2eb13d178327769b964043887258390e |
| f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c | 52b7073101ce2f83c85ed698f1ee0445 | cd2f016c79de7d4bf20d1366cc9483b610b4ffc2 |
Malware family: Mimic
Verdict: Malicious
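The hash values on this page are only useful once something is checked against them. The Python script below is an added example, not code from MalwareBazaar or abuse.ch: it takes the SHA256/SHA1/MD5 digests listed above for the submitted sample and the three unpacked files, indexes them so that a digest from any of the three algorithms (an EDR alert often carries only an MD5) resolves to the authoritative SHA256, and classifies a local file by its digests. The labels "submitted sample" and "unpacked file N", and the filler bytes hashed at the bottom, are this example's own constructions and are not part of the entry.

```python
"""Check a local file against the hashes listed in this MalwareBazaar entry.

Added example, not code from MalwareBazaar or abuse.ch. The digests below are
copied from the entry (submitted sample plus the files listed under
"Unpacked files"); the bytes hashed under __main__ are constructed filler,
not the sample.
"""
import hashlib
from typing import Optional

# (sha256, sha1, md5, label). The labels are this example's own row names.
IOC_FILES = [
    ("273e1b62d3782e610890ad9ca69ab7afa99e108b63eb41b0e455bc23630f4b68",
     "a02b335ffe6c99454ae08de1dfdb38efec22c690",
     "71ffc45de1b20afa7ea805363fd6a875",
     "submitted sample"),
    ("2a36b00297ee9c50fea6c122152b678f4751e4c0d1466bc03e5f39bbaa41b798",
     "a85a72e0c810d957b0b4abed58145fe2218a492d",
     "a2a8ef7878b8389a6c1694977588e6c2",
     "unpacked file 1"),
    ("b6301160d2cceb9df1bb2d0548d65c31ecc38b694fa5efe67899935f19870fce",
     "47bd7d9f2eb13d178327769b964043887258390e",
     "46857dedd8ea45006ec3ebff24739f8b",
     "unpacked file 2"),
    ("f457b1cb1b146ab07117e34dc50881ef787946a0311467d82469fdaa3e54884c",
     "cd2f016c79de7d4bf20d1366cc9483b610b4ffc2",
     "52b7073101ce2f83c85ed698f1ee0445",
     "unpacked file 3"),
]

ALGOS = ("sha256", "sha1", "md5")
ALGO_BY_HEX_LENGTH = {64: "sha256", 40: "sha1", 32: "md5"}


def build_index() -> dict:
    """Map every listed digest, whatever its algorithm, to (sha256, label)."""
    index = {}
    for sha256, sha1, md5, label in IOC_FILES:
        for digest in (sha256, sha1, md5):
            index[digest.lower()] = (sha256, label)
    return index


INDEX = build_index()


def lookup(digest: str) -> Optional[tuple]:
    """Resolve a hex MD5/SHA1/SHA256 to (sha256, label), or None if unlisted."""
    h = digest.strip().lower()
    if len(h) not in ALGO_BY_HEX_LENGTH or any(c not in "0123456789abcdef" for c in h):
        raise ValueError(f"not a hex MD5/SHA1/SHA256 digest: {digest!r}")
    return INDEX.get(h)


def digests(data: bytes) -> dict:
    """All three digests of an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests() but streamed, so a multi-MB sample is not read whole."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def classify(d: dict) -> Optional[str]:
    """Return the matching label, or None.

    SHA256 decides. A hit on SHA1 or MD5 alone (a collision or a mis-copied
    IOC) is still reported, but flagged so nobody acts on it by itself.
    """
    hit = lookup(d["sha256"])
    if hit:
        return hit[1]
    for algo in ("sha1", "md5"):
        hit = lookup(d[algo])
        if hit:
            return f"{hit[1]} (matched on {algo} only; verify the SHA256)"
    return None


if __name__ == "__main__":
    # Constructed filler with a PE-looking header; it is not the sample.
    fake = b"MZ" + b"\x00" * 62 + b"constructed test bytes"
    print(classify(digests(fake)))                      # no match
    print(lookup("71FFC45DE1B20AFA7EA805363FD6A875"))  # MD5 resolves to the sample
```

Run it on a suspect file with `classify(digests_of_file("/path/to/file"))`; case and surrounding whitespace in a pasted digest are normalised before lookup, and anything that is not a hex digest of one of the three lengths is rejected rather than silently reported as "not found".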
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
| Web download: | exe 273e1b62d3782e610890ad9ca69ab7afa99e108b63eb41b0e455bc23630f4b68 (this sample) |
|---|---|
| Dropped by: | Amadey |
| Delivery method: | Distributed via web download |