MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38711e926a9100f632301a395baae58197d48f87b93b10d85666407c8bf4d0db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 38711e926a9100f632301a395baae58197d48f87b93b10d85666407c8bf4d0db
SHA3-384 hash: 04342f24befec22c3a4ac71c16a7c99bc798451a178fbb8f1d9b79d41169f0fcb65d9a12f7968f75977677e34598ea95
SHA1 hash: 1b7673759f6f1fdb7f179bee3cd4da1f891ab918
MD5 hash: 3f7ff61fd5728808124b69858ebe6f5d
humanhash: six-purple-alabama-leopard
File name: loader.exe
File size: 90'356'736 bytes
First seen: 2026-01-08 09:57:08 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9bf3f5698d1c8e5d8bbe8d194ac5d544 (1 x ScarfaceStealer)
ssdeep: 786432:/AZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:/AZui3zQz2jOZKft
TLSH: T14C187D13B3A705D5E8F7DA3096E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID: 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
      12.2% (.EXE) OS/2 Executable (generic) (2029/13)
      12.0% (.EXE) Generic Win/DOS Executable (2002/3)
      12.0% (.EXE) DOS Executable Generic (2000/1)
Magika: pebin
dhash icon: f89efcf8f971f2e0 (10 x NodeLoader, 9 x FixStealer, 6 x Amadey)
Reporter: Ling
Tags: exe Malgent Trojan:Win64/Malgent!MSR


CNGaoLing
This sample has been reviewed by Microsoft researchers and determined to be malware. (Trojan:Win64/Malgent!MSR)

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'269
Origin country: US
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: loader.exe
Verdict: Suspicious activity
Analysis date: 2026-01-08 09:58:53 UTC
Tags: api-base64

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Creating a file
Creating a file in the %temp% directory
Sending a custom TCP request
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug crypto fingerprint microsoft_visual_cc obfuscated
Verdict: Clean
File Type: exe x64
First seen: 2026-01-07T14:54:00Z UTC
Last seen: 2026-01-08T14:08:00Z UTC
Hits: ~10
Gathering data
Threat name: Win64.Trojan.Malgent
Status: Malicious
First seen: 2026-01-08 01:26:13 UTC
File Type: PE+ (Exe)
Extracted files: 13
AV detection: 11 of 24 (45.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Verdict: Suspicious
Tags: n/a
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 38711e926a9100f632301a395baae58197d48f87b93b10d85666407c8bf4d0db (this sample)

Delivery method: Distributed via web download

Comments