MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 25 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0
SHA3-384 hash: 049d9d08fcae9638a84818898abfe6532c618ca1834e976e4f1dcdec001ece53b533a597031f0696256935c99703f2c2
SHA1 hash: 681a56b66e14fc3312451d07d7cd54594c62b724
MD5 hash: 8b4f563cc2cf98440ef3834869e88b96
humanhash: nineteen-high-twenty-salami
File name:agent.exe
Download: download sample
File size:15'040'367 bytes
First seen:2026-04-09 08:33:35 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 70d2e884fa127843c5bcbb53da86b6c8 (9 x TrustConnect, 3 x SoftConnect, 3 x AxisControl)
ssdeep 196608:7dvIyQs3CY9eO8OwcPFGUe64I9zlxOxoBFDuUswlYQq:7drz7whrrI13OxojGd
TLSH T15AE6AD02B3F842A9E5BFC278C5625517EBB27C491720EBDF055495A92F33BD09E39322
TrID 22.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
22.7% (.EXE) Win64 Executable (generic) (6522/11/2)
17.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.7% (.EXE) Win32 Executable (generic) (4504/4/1)
7.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter Joker
Tags:exe trojan

Intelligence

File Origin
# of uploads :
1
# of downloads :
142
Origin country :
NL NL
Vendor Threat Intelligence
Malware configuration found for:
ReadyToRun
Details
Link:
https://research.acce.ciphertechsolutions.com/results/d5f050a5-50bb-4f31-bf34-756c5d46d693/
Malware family:
n/a
ID:
1
File name:
agent.exe
Verdict:
Malicious activity
Analysis date:
2026-04-09 08:40:05 UTC
Tags:
anti-evasion websocket evasion
Link:
https://app.any.run/tasks/574013f0-a5f0-4e20-8f52-f9a676ede001

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/60931/
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69d764a266ab6d001dd0869b
Tags:
dropper micro sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Launching a process
Creating a service
Launching a service
Creating a process from a recently created file
Running batch commands
Searching for synchronization primitives
Сreating synchronization primitives
Sending an HTTP GET request
DNS request
Sending a custom TCP request
Creating a file in the Windows subdirectories
Using the Windows Management Instrumentation requests
Creating a file in the system32 subdirectories
Enabling autorun for a service
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context agenttesla agenttesla anti-debug base64 fingerprint microsoft_visual_cc overlay overlay reconnaissance threat unknown
Link:
https://www.filescan.io/uploads/69d765825ea31bc68a1aa15c/reports/75080977-9da5-430c-9b7d-a573cc203dc4/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-04-09T06:02:00Z UTC
Last seen:
2026-04-10T11:38:00Z UTC
Hits:
~100
Detections:
Trojan.Win32.Staser.ezwf PDM:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f5639c4e-7cac-4946-8230-fe9ce99a441d
Score:
80%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Html Javascript in Html PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/8b4f563cc2cf98440ef3834869e88b96
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0
Threat name:
Win64.Backdoor.Zegost
Create hunting rule
Status:
Suspicious
First seen:
2026-04-09 08:35:55 UTC
File Type:
PE+ (Exe)
Extracted files:
89
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hdblxw2dxgehjxrn4kqiizrpefwzxvmsbx2lih6rakml3qh6w7aa._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
execution persistence
Link:
https://tria.ge/reports/260409-kgrs1sdx3z/
Behaviour
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Launches sc.exe
Drops file in System32 directory
Looks up external IP address via web service
Creates new service(s)
Executes dropped EXE
Unpacked files
SH256 hash:
38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0
MD5 hash:
8b4f563cc2cf98440ef3834869e88b96
SHA1 hash:
681a56b66e14fc3312451d07d7cd54594c62b724
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
0cf0344f913385733eef28068962bf68869927792015843dc9d099499d655772
MD5 hash:
b91ca40afbbe0c8b90a41e8668b67342
SHA1 hash:
82a79ee19a22d76fd688cc85a0ce29f76ea5b942
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
12435f9be78787eabb831f7c6127f80e6c843a2b4e968eff9aade9d58b24f9f8
MD5 hash:
9f78ed9d150cf9cefe796710bc913f9c
SHA1 hash:
e3d2fadee0d310964cc8df5fc7f07a80989001e0
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
0b6f69f8a1cf4d1581446a8914c08abfc1bef59c2b526fe1ab376858859423d3
MD5 hash:
e8c2b26574cff1eb80af2e6afec9fbfa
SHA1 hash:
02445e8c0498cc6940246b976a8092eb78fbc1f3
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
5cbf8b983a7f58c924fa800b9e815a0774584daea27fd0840705b90f8176d0e0
MD5 hash:
864d4133a8ea4c0f0a88ddc2c20fee2a
SHA1 hash:
b043d52533cb81d2f999e56ca3a4d123b23525d5
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
5b88a38c58fb6851534881167f9a782fbaa84ebe921e5a9cd86d8a91d4a59fe0
MD5 hash:
2b3aeb370109cac54b83f03a9259fdb9
SHA1 hash:
a91daf607c19adb392fd9d69a9e877c34ca6bd53
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
a498190b94552381c44c5dbb9ba1da7d3a020637a04f931c7f47e8f911de7c0c
MD5 hash:
630f363b3602785df1d82a143f2a8e2d
SHA1 hash:
3163469a20ec38fc3e055efa5e3856737b974ea4
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
6a2c53f84c58d98fd721bcd1cd4970ad6f28c0dbf38a39bb8f8d153bd47e3572
MD5 hash:
d431ae9d9de5a2f0c88103ae321212bd
SHA1 hash:
91e774b863cb692e178ce1cab87c11af2b3d008e
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
4caddcf77bf9e07044c3dc58f140f94790b39ff1418c25a274f239ac03aa8fa5
MD5 hash:
13a57f97face384977e5a19a8cf88110
SHA1 hash:
fc8978256810185100af04d09ae49142b0342d60
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
d5b9254bbee1e33e1034c86341ab6e9a6e5a27551220539cfd2942eb16ec9172
MD5 hash:
e9775fe6a434f1589f97faeae2a37b64
SHA1 hash:
703f7081d125495a12b54edd740f1d582f984b0d
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
88aaf3de537a91b970a8ba8e5cab90b67f6bcaeaf7b62fa87e50e23363a17a9d
MD5 hash:
6bed1ce58bafe3e7a0f0cd7211fe0f59
SHA1 hash:
2670a1f87e964f15ea7698c70c49b20149738619
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
617a29c6634fc19729cad196c3968f9a578610384fb8f5cd9b8e50bc26eeb7c9
MD5 hash:
31be53143d0148fc9b5194a9081592d2
SHA1 hash:
2d370085ba9a00ca88a9e1a56992e7064886bfd5
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
74dc955a0f426b4ffbf473e22606584b717ac33f7fce7b55b193f6e3092f30a7
MD5 hash:
7401101a422cabb2a71849a5537a4f5a
SHA1 hash:
4b34b96f53c5ccae6d4070cc09158548920afab4
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
bac4a3aa5831aa64a89b045b982ef0712a362d5363432d6903fda3d3778fb126
MD5 hash:
3a41a719d158f33fa0cb06dd9d06214f
SHA1 hash:
4d9a5b7d2708116e590559bf6d8500ca88d154df
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
8846dae8e57379c37c9b029f35924587ebdbd8795cc2c357c5252894bb04bc64
MD5 hash:
2708e06d80098c65aa4d4ef616df681e
SHA1 hash:
97a719a66b6bfeacde6eb9979e6a31749dea3e22
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
dedd82538f91843a23aadb9f2899adbcddeddbf25de96a0d7f00646d15d7a406
MD5 hash:
0271892bd1f786a320e99a854bbeb6f2
SHA1 hash:
ab6ba68401c706537776b9033c936cfc5b70559e
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
7387344bff4961392cf7803f621cb59bf15aba6d2d2ac1436e27e4ae53fef3fe
MD5 hash:
99fa3055afbe050b9c020a73445586cb
SHA1 hash:
f9750b58a726575f61786293f06e15eeb900b16e
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
ef6cead5ca827a7965b31a57db1e0f9114371cd342a9697d284e05540637ce03
MD5 hash:
659ca26c1bbfcbac0bf2da99d5909a69
SHA1 hash:
cce419990de87f9ca2e48dee8d024185d46ab613
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
18c3ce883caab49f0d9ba607ddbd644303fb087d06f304d84f63b1d45e09bc50
MD5 hash:
665aa86e7299bd3351485f8c6e36045e
SHA1 hash:
754ebd7d15bf832d9d92ccb5367db493b07591fd
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
9a8a3d2046995d091e0e180867711fd097730736d9fab5cb2dfdbbf12c078722
MD5 hash:
49adfd25dfc28801d349c62af20b6642
SHA1 hash:
38884ae60256cb91428de0a94cad30f088473f30
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
00fed8aefd04da0e3791b3c22c5adcdf0892eb2265a2a118010f70c0c4ae55a3
MD5 hash:
8b09199edf78f3ee9f5b5744488630a0
SHA1 hash:
d819bda65514b4f4f5c7c14212866420ce9cff54
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
70c5033e4e801cf08e4c1d23ce0180c0cf6aedbda36cffd4b068c2cea6084969
MD5 hash:
9ae226b1434c9247f185e005e800165f
SHA1 hash:
4ebd321ed8546f312fe873c4709e7ce24a900ee3
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
994aeb9430bab25fade9ac86f4126ce783a43fcd7ad8b427688436fe45c44334
MD5 hash:
2a14c767bd261022acce31cad65ace6c
SHA1 hash:
431e476e0878bcad1d79aa4b9357d8e9bd74b776
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
959b07e066e67643adba7ea202700167dfb853797e62865a5609625800d8352b
MD5 hash:
fbeae8833a3f37d4d4cf351e19f4f797
SHA1 hash:
8da24dd8be65f0df56c7ad22fb4ca074cbe07bb5
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
9fa7f21f034aa43cc8fb4d763fd37e583ef52e3cada8485c826216ecc54010f7
MD5 hash:
b774ac7119e7ff4a6c368ea9514dc612
SHA1 hash:
b6746d543da8bd2f5f1c0012c5eec077f94a8409
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
d7c42eaecde743a99d980632f90e01405728cdeb06cd31248c7b7ac1cc55789f
MD5 hash:
79b4572b45fb2f931402d85711965e0e
SHA1 hash:
ab88da7b48e9fe8583147524cda8dc4707c62440
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
dddc5d851892c9e8876580504a65d38341cbc4fc297126c4f552b4a0d5521710
MD5 hash:
85bca3924590501f4bcb7c4fe382affb
SHA1 hash:
df234ec71305f8063aecbc132490ae7d8087aa61
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
230af80919c9abceb3e0654bcc22fbe2aabe458a1bd50c29b44588d74732fc68
MD5 hash:
f5cebd02b2c62900630ae36aee9096d5
SHA1 hash:
255499528e33c4fc3cb57ed92988249a05347cc2
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
138f3de3b20966ba66a335dc1d343f4900c981a8bd8394fff54f1fedb0992297
MD5 hash:
eae1783cd81e4aa4bb7e7c5ae9eaaf9b
SHA1 hash:
55db8985f68aad1831b630187b81bce813026e69
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
a074b5e7ceabb072d3f0c91dc4b1584218d432f68189e8812e3f2a7c763de456
MD5 hash:
6ca9786a807972019f84deccbbf172f4
SHA1 hash:
06fece7ab995b1a0e775fc902e91c17824876475
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
166dc1e11bc267ed248c798ec194662229be12d3e165328f3d2d1eabd8b43fff
MD5 hash:
5a38cd2474930369e7942cd514556fb5
SHA1 hash:
fb371319dc866a952d18ba57c73c488b38912d8c
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
ab78d191e89e170ddd623fc5c008c25245a8f22b5cfe4e267aaec68550acfa44
MD5 hash:
ad4264327562fdb9f0fa78edebf70d2d
SHA1 hash:
de15c869c97428ca3cafe81b70e1e9fcf29f7708
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
cd5f5475ac8ad9ab009c525a67b2364a930f97a6ab049b64e57b8d2987275259
MD5 hash:
e9c3905f61a19344daa4de9d828b7719
SHA1 hash:
ddf064dc8e40e42ee8d0b7e64c8807ccb85427d6
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
ae3efb38687f8f159cffa9ef026b3e9b5e88e6fba13982266c0c7971b6118d83
MD5 hash:
22671849a9e54716018e63c7fc82c237
SHA1 hash:
22f387c562fabbe32f671af79be9a77728e17e47
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
5a222a2ce029813bd619233452190cf525b1b0a4222f011db1f4a30b9febe64b
MD5 hash:
e92ef5b9769006c504a2e8202f2ce364
SHA1 hash:
f3b09ab6d43575e78526383a8be133473675115d
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
ea41b21890d36c00e9d83fe35678d07453ea65eae32683c779665863e2638ec6
MD5 hash:
e9a4c70aeb577add1fbff6cac096773d
SHA1 hash:
0a3f6dfe0bc458d16b35da77e7078abef88168d5
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
ba31df136dc6a330a6072c6715d81f18406ca04ad85d56c19a766bdd3a91e382
MD5 hash:
a41009bd9b8840081d732d468fb870ea
SHA1 hash:
bc3da71fb111e4f2f810a0cdd600e59cfeac78a0
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
ec349e8199da174bead788061a32bc6e367c9530159ca5db3121813c15249e26
MD5 hash:
02ffa9e8d6b630ed2d0cababb0122933
SHA1 hash:
627b822ebcff8e83dd2248d62d561ac0d8229a85
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
b377886e63ff641ae6cf0315480df4f9d335e50b3b7af7922badf31b37ff2850
MD5 hash:
49e566b28b0b6d350977237bfea4e036
SHA1 hash:
4c5b64e2d1b24088c50cf9772aa14e0ef5ca27e9
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
3c58111b38054adc94d8f86d0219080a41f87c458598fc5c06c3111ca9c05696
MD5 hash:
0f344cc12c838a2e60dbbbf968f9ffe6
SHA1 hash:
86e0b6dc0a1cdd2a8bf5eda0458fe3b02438ece8
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
062bc4e5af70f936e41ee6fbca0bdd3d6ac381ffb1c29dce1299eb80bf0d5848
MD5 hash:
b35cadf9873f7ea82aaa479fe4ae339c
SHA1 hash:
74d3d5b138b14327b18b55a79f2cdc955badb29c
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
07feb8d8656c41ee4f0688066cea96cd8c0ce531a00e18d0e1a481b2addd8147
MD5 hash:
52841d5a5ebbafbacc52bdf983dbaa90
SHA1 hash:
8386f961b37b8d9f619cd0736c25962c30abbfba
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
f2953e87b97d2acafb7239c5918f66c766c84e4d077fad50e6627edd1b75b5ae
MD5 hash:
a20242fe623a3fe170e169dfa169d46c
SHA1 hash:
37bc2340eb1422433e46a62557d0180de03cdbc5
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
dd3bf764e7f51285e410191813aae621cd01172f676b6f7e5f2204fa95f1041f
MD5 hash:
9533b6869b93dd5c082bc89336596884
SHA1 hash:
a08dc83a579a11e3b3d8cd1184652b4f15b00afe
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
a577a60d7e2a0dbcba1fd71250cbb5e400e116fe20ddd816f197bdc777527a2b
MD5 hash:
768bafb6dcb4c122d6b9d9b3495da856
SHA1 hash:
2f715492c000746cdbc6f6fa726f89356ec0689c
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
5fe98bdd4427c6ac2fbfb40c51fff41f39fc747de8d921e35f7f6901e832f711
MD5 hash:
374e510ade9eec606e56289a75fa1c41
SHA1 hash:
e28dedb8d95dcd8e0fd5cf6274f2e3bb6c8ec55e
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
SH256 hash:
cae600fe662cee9f5b43189f136b187e3ea45949e3678a836394bd5a4555cab1
MD5 hash:
a632a6be6f46cf160103f6aad84d0f7b
SHA1 hash:
90035b653e5b313ecc159dce9ff4e2f7f387bab2
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/c7133da4-47f6-4195-8ddb-03d58b65a44b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/38c2bbdb43b98874de2de2a084662f216d9bd5920df4b41fd10298bdc0feb7c0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:Jupyter_infostealer
Create hunting rule
Author:CD_R0M_
Description:Rule for Jupyter Infostealer/Solarmarker malware from september 2021-December 2022
Rule name:Lumma_Stealer_Detection
Create hunting rule
Author:ashizZz
Description:Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETDLLMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:reverse_http
Create hunting rule
Author:CD_R0M_
Description:Identify strings with http reversed (ptth)
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:test_Malaysia
Create hunting rule
Author:rectifyq
Description:Detects file containing malaysia string
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:WIN_WebSocket_Base64_C2_20250726
Create hunting rule
Author:dogsafetyforeverone
Description:Detects configuration strings used by malware to specify WebSocket command-and-control endpoints inside Base64-encoded data. It looks for prefixes such as '#ws://' or '#wss://' that were found in QuasarRAT configuration data.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/60931/

Comments