MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 15


Intelligence 15 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7
SHA3-384 hash: faa54d20da618fdb756924647af2b31e4801a1e77a8b194b338edeb400ff414d8502930e26932a3c009982186550547d
SHA1 hash: c4f1224c8324d2d08dfa30f4c12daf12a58cd8f4
MD5 hash: 09146beb276fcf8227d6c6ccce4b7f01
humanhash: undress-uranus-north-fourteen
File name:Setup_Installer.exe
Download: download sample
File size:83'896'737 bytes
First seen:2025-11-26 00:35:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cea7ae85c87ddc7295d39ff9cda31d1 (92 x LummaStealer, 85 x RedLineStealer, 62 x Rhadamanthys)
ssdeep 24576:mEyYER/JPUF5ew+bG8LEF+tl3c03eNY3WHZ3e:aYyRQwJgAr3c+eNY4u
Threatray 3'259 similar samples on MalwareBazaar
TLSH T1A2081113763E8579F6FB768644102FA23C717CD24298603A2A62DD6F3533B729126EC7
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10522/11/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter user35335
Tags:exe stealer


Avatar
user35335
https://dwnlods.onl -> https://mega.nz/file/ekYEQabT#clsDysGdPZWs5TzUwe0dtD_ihIVDppqSl5L3yEybwYY

Intelligence

File Origin
# of uploads :
1
# of downloads :
585
Origin country :
CA CA
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SETUP.zip
Verdict:
Malicious activity
Analysis date:
2025-11-26 00:04:07 UTC
Tags:
arch-exec autoit stealer
Link:
https://app.any.run/tasks/10a1ec7d-4f2a-4f29-9ba5-01f98134bfc1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=692645a5587b4206e7f2f109
Tags:
autoit emotet
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Launching a process
Creating a process with a hidden window
Running batch commands
Launching cmd.exe command interpreter
Creating a process from a recently created file
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Forced shutdown of a browser
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context CAB darkgate infostealer installer installer installer-heuristic invalid-signature lolbin microsoft_visual_cc overlay overlay packed rundll32 runonce sfx signed stealc unsafe
Link:
https://www.filescan.io/uploads/69264b7f5788d63eca910869/reports/0ae69b24-983d-479a-8b2d-b70335ab3510/overview
Verdict:
Malicious
Labled as:
Infostealer/Stealc
Link:
https://www.hybrid-analysis.com/sample/2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-11-25T21:13:00Z UTC
Last seen:
2025-11-27T19:06:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.Autoit.acxys BSS:Trojan.Win32.Generic Backdoor.Agent.UDP.C&C Trojan.Win32.Autoit.sb
Link:
https://opentip.kaspersky.com/2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7/results?tab=lookup
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.Autoit
Link:
https://tip.neiki.dev/file/2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7
Threat name:
Win64.Trojan.Kepavll
Create hunting rule
Status:
Malicious
First seen:
2025-11-26 00:11:17 UTC
File Type:
PE+ (Exe)
Extracted files:
52
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fnr76gsqdsljcnevslxdfigcmx556frbfhlsove5wq5fcctm323q._file
Verdict:
malicious
Label(s):
amaterastealer
Create hunting rule
Similar samples:
2ec192cc4331149c270c683b91f068dcfe3afcbfa861672543c6024e5fa0a31e
30c51e07b720eb37cd081c34a0308d78df20a90495058426058ff92441766219
369f91545cb67cff9efa650bd12b261855ddf3b62e35bc29f118a38409c4c8dc
50ae958eeea4e1df1618d0739c93a1c5b7b56946da6d8e8ce3aed17abf3be548
779ce7aad5f2033c10644516163d7ef69812a5f1b41c91ddf60063cab71475f5
97960e30fabd0b27e5032f063f110dfbbf53e526a2814f861361cfe10e0d2088
9bd052991737957b0e030c9928759b0e54c504275122df16b0cc6521460167b5
error
+ 3'249 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/251126-ax12hs1kex/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Launches sc.exe
Adds Run key to start application
Executes dropped EXE
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9d24a1a6-3afe-4048-a6f0-f937763d576f
Malware family:
CypherIt
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/2b63ff1a501c/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 2b63ff1a501c9691349592ee32a0c265fbdf162129d727549db43a510a6cdeb7

(this sample)

  
Delivery method
Distributed via web download

Comments