MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c
SHA3-384 hash: 5776e2bd07fbbf5a766bb13936444253b2e52cf2e3542ed6b3bdddb9f77d6a434198afce26e2d360d1ad7f436208efa4
SHA1 hash: d00bd63040786db48525285421f97ba768225537
MD5 hash: 549b9c352976896bee533ceea5f27395
humanhash: queen-diet-stream-fish
File name:SecuriteInfo.com.Heur.BZC.PZQ.Boxter.1023.E7A74D4F.10956.1904
Download: download sample
File size:40'960 bytes
First seen:2026-02-14 19:20:12 UTC
Last seen:2026-02-14 20:26:59 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 384:CzY+DulnUHA7ticeToW3T1XFFM69q5ICpV1XFFM6ztcq5ICVbi:+IhQstic6hRjqmCpz56qmC
TLSH T1C403E65BB3509331E44103314A6FC7E56F74AC849FA25616327AF34C6E31AD066E7EE2
TrID 88.4% (.MST) Windows SDK Setup Transform script (61000/1/5)
11.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter SecuriteInfoCom
Tags:msi

Intelligence

File Origin
# of uploads :
2
# of downloads :
33
Origin country :
FR FR
Vendor Threat Intelligence
Malware configuration found for:
MSI
Details
MSI
an embedded setup program or component
Link:
https://research.acce.ciphertechsolutions.com/results/1d59f897-c792-4fd1-ad43-33378ca8e304/
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/53339/
Verdict:
Malicious
Score:
94.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6990c0682715406c647977fa
Tags:
agent shell sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-vm fingerprint installer installer ipconfig lolbin net persistence powershell schtasks wix
Link:
https://www.filescan.io/uploads/6990caf7981ff1d38a55fd26/reports/edb5d405-cefa-44c2-9003-96e73b36475e/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c
Verdict:
Malicious
File Type:
msi
Detections:
Trojan-PSW.Disco.HTTP.C&C PDM:Trojan.Win32.Generic Trojan-PSW.Win32.Stealer.sb Trojan.Win32.Agent.sb NetTool.PowerShellUA.HTTP.C&C NetTool.PowerShellPost.HTTP.C&C
Link:
https://opentip.kaspersky.com/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c/results?tab=lookup
Score:
2%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c
Verdict:
Malware
YARA:
4 match(es)
Tags:
CAB:COMPRESSION:LZX DeObfuscated Office Document PowerShell
Link:
https://app.malva.re/file/549b9c352976896bee533ceea5f27395
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c/
Verdict:
Malicious
Threat:
Trojan-PSW.Win32.Stealer
Link:
https://tip.neiki.dev/file/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hb46j3hyjsuohszyydr5qahsze35rh63vp4rgpzvxz2tk4kr4fga._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
defense_evasion execution persistence privilege_escalation ransomware
Link:
https://tria.ge/reports/260214-x195xsft2g/
Behaviour
Checks SCSI registry key(s)
Gathers network information
Modifies data under HKEY_USERS
Modifies registry class
Runs net.exe
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy service COM API
Event Triggered Execution: Installer Packages
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Drops file in System32 directory
Enumerates connected drives
Creates new service(s)
Executes dropped EXE
Loads dropped DLL
Modifies visibility of existing users in the login screen
Stops running service(s)
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Drops file in Drivers directory
Event Triggered Execution: Image File Execution Options Injection
Malware Config
Dropper Extraction:
http://45.61.130.146:8080/enroll
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 3879e4ecf84ca8e3cb38c0e3d800f2c937d89fdbabf9133f35be75357151e14c

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/53339/
  
URLhaus
https://urlhaus.abuse.ch/url/3777858/
  
Delivery method
Distributed via web download

Comments