MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 14

Intelligence 14 IOCs YARA 5 File information Comments

SHA256 hash:	2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800
SHA3-384 hash:	85b0a475551dc4cea132c633589d1924d516c9144fa2384fed1ed8edb67d62a56fed82c1347f86f377d7f4c937c31730
SHA1 hash:	3f9f79ab4766dd30cb305bb7e0869c75326906fb
MD5 hash:	9c5b77bd281d7d67247e8245f68c5074
humanhash:	oscar-east-oscar-oklahoma
File name:	file
Download:	download sample
File size:	1'366'016 bytes
First seen:	2025-09-25 04:02:35 UTC
Last seen:	2025-09-25 05:16:20 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	756a7493b73d2e1ad7c0a551018da5a5 (5 x Rhadamanthys)
ssdeep	24576:jJHYnDyjB++2qNkpbQKa4Se7rz5QKa4Se7rzX:jJHYmjB++2qmF5DD55DDX
TLSH	T134550285B1C3D063FB573470163CDAAD4C2EED62AF3A1DCB538896B95160AD20F36636
TrID	49.9% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win32 Executable (generic) (4504/4/1) 9.6% (.EXE) OS/2 Executable (generic) (2029/13) 9.5% (.EXE) Generic Win/DOS Executable (2002/3) 9.4% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-amadey exe

Bitsight

url: http://178.16.55.189/files/428003518/NBDbFKx.exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

amadey

ID:

File name:

32ddcc73e72bb38e6b194a92638f26850d11c743cab8709afd5451fefcc76481.exe

Verdict:

Malicious activity

Analysis date:

2025-09-24 21:40:29 UTC

Tags:

stealc stealer amadey vidar botnet auto redline loader unlocker-eject tool arch-exec themida rdp auto-reg gcleaner autoit lumma phishing anti-evasion rhadamanthys evasion

Link:

https://app.any.run/tasks/b8baf57f-62bd-4478-a054-5b009b75c416

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28889/

Detection(s):

SecuriteInfo.com.Trojan.Siggen31.58302.26449.22839.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68d54aefcc9425144151dd42

Tags:

malware

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Sending a custom TCP request

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

fingerprint microsoft_visual_cc obfuscated packed packed packer_detected

Link:

https://www.filescan.io/uploads/68d4bf49674d5fd6aa0bf450/reports/d5747304-2cfa-4c13-a311-329a2afcc8da/overview

Verdict:

Malicious

Labled as:

Lazy.Generic

Link:

https://www.hybrid-analysis.com/sample/2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-09-24T18:10:00Z UTC

Last seen:

2025-09-24T18:10:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/22510b03-6da2-4ad0-8fee-1700232180d2

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/9c5b77bd281d7d67247e8245f68c5074

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800/

Threat name:

Win32.Trojan.Fragtor

Status:

Malicious

First seen:

2025-09-24 21:08:43 UTC

File Type:

PE (Exe)

AV detection:

31 of 38 (81.58%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=e6b2bd75dlkrdgexnxeowm6oqttflcrtioduajtggg2wxlumbaaa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250925-encd1ssps3/

Behaviour

Program crash

System Location Discovery: System Language Discovery

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/50e85b8b-2d57-41ee-8052-7a4c37824241

Unpacked files

SH256 hash:

2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800

MD5 hash:

9c5b77bd281d7d67247e8245f68c5074

SHA1 hash:

3f9f79ab4766dd30cb305bb7e0869c75326906fb

Link:

https://www.unpac.me/results/b7607ecc-55a5-4d39-b420-b1b84d7ea7fd/

SH256 hash:

0b4f333f5d8b2090f59fa580b7ccf36b3308fdc15d1009bea31503041e39f9ca

MD5 hash:

485ab6dfbf78cb37f2424c76e1b018d2

SHA1 hash:

c0f3dee4c6af9b521c5ca8be0cffffd5b801017b

Detections:

INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Link:

https://www.unpac.me/results/b7607ecc-55a5-4d39-b420-b1b84d7ea7fd/

Parent samples :

2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800
90f07c4f9bad794c7499649d98a2302c74a70876526ce76c5853d1d55b45abe8

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 2783a08ffd1ad51198976dc8eb33ce84e6558a33438740266631b56bae8c0800

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3631515/

Cape

https://www.capesandbox.com/analysis/28889/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample