MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 12



SHA256 hash: 299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c
SHA3-384 hash: 4d0fa3d6abb625c5fec96cf03649849ac65ab210b68b3698ff61ab075c36a87194eec729790b25244c9515ce76b6b23d
SHA1 hash: 1177abd5a4904d6a7d8168018ce6ed7a7f51dc6e
MD5 hash: 1b79040d79a0f066272aef9877683012
humanhash: echo-juliet-dakota-sink
File name: panel
File size: 85'906'539 bytes
First seen: 2025-09-14 11:23:42 UTC
Last seen: 2025-09-14 13:20:40 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 4d0fb8dc9ee470058274f448bebbb85f (4 x NodeLoader, 3 x Rhadamanthys, 3 x DogeStealer)
ssdeep: 393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfV:fMguj8Q4VfvXqFTrY/VoVIC/Wyl
TLSH: T19B180802F58DA491EAB5023B26B7A143DDB7BA36D314CD9E76CE83044BE76F74530A90
TrID: 40.3% (.EXE) Win64 Executable (generic) (10522/11/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4504/4/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika: pebin
Reporter: burger
Tags: exe stealer

Intelligence


File Origin
# of uploads: 3
# of downloads: 136
Origin country: NL
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: panel.exe
Verdict: Malicious activity
Analysis date: 2025-09-14 11:21:06 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Suspicious
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Sending a custom TCP request
Running batch commands
Creating a process with a hidden window
Launching a process
DNS request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-debug crypto evasive expand fingerprint lolbin microsoft_visual_cc overlay packed packer_detected pkg threat
Verdict: Malicious
File Type: exe x64
First seen: 2025-09-14T08:40:00Z UTC
Last seen: 2025-09-14T08:40:00Z UTC
Hits: ~1000
Detections: Trojan-PSW.Win64.Disco.mni
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 1777225. Sample: panel.exe; Startdate: 14/09/2025; Architecture: WINDOWS; Score: 48. DNS/IP node: evilsoul.cc. Signature: Multi AV Scanner detection for submitted file. Process tree: panel.exe started cmd.exe and conhost.exe; cmd.exe started reg.exe. Files dropped by panel.exe (all PE32+): C:\Users\user\...\node_sqlite3.node.bak, C:\Users\user\AppData\...\node_sqlite3.node, C:\Users\user\AppData\...\node.napi.node.bak, C:\Users\user\AppData\...\node.napi.node]
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2025-09-09 01:18:56 UTC
File Type: PE+ (Exe)
Extracted files: 20
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Loads dropped DLL
Verdict: Malicious
Tags: trojan
YARA: EXE_Unknown_Byakugan_April2024
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe 299a2e7fa8a69c495ec19fecf55d93bb766addaa78e89a4e1ad78a9cea59b31c (this sample)
Delivery method: Distributed via web download
