MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 5 File information Comments

SHA256 hash:	3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2
SHA3-384 hash:	55092172293bbb20a4daf6e56c52f9f8a2f1423a6931bb66eb7c58e5a5b5a14ad9cc929e66319f7c0f961f63e3487976
SHA1 hash:	d94b2ca9494b5b65a8e37352560912db9a04b92c
MD5 hash:	69ef6cbe70f3f411444c9c6516000be4
humanhash:	river-blue-hot-dakota
File name:	SecuriteInfo.com.Win64.MalwareX-gen.66572615
Download:	download sample
File size:	93'680 bytes
First seen:	2025-09-19 19:17:43 UTC
Last seen:	2025-09-19 20:17:43 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	89b45163306495958ead3610c925cd07
ssdeep	768:+aukhpfOfly/o+tIktYKqn6tiWkM9BIhB9QT6E9xMJLS0Yx9wotQzaiozk/VmKTO:fuk/OfsBIQYKf7kUiL9C9OJU1aHolIO
Threatray	104 similar samples on MalwareBazaar
TLSH	T1F8930986B7C1BCB3CA2A113584E7C3352338BFC527C35B236D2562351E676D0AE96687
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10522/11/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win64.MalwareX-gen.66572615

Verdict:

Malicious activity

Analysis date:

2025-09-19 19:19:32 UTC

Tags:

putty rmm-tool

Link:

https://app.any.run/tasks/7626baeb-4313-4cf1-a171-df6fcaf84cbe

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/28386/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.66572615.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68cdad796b621794b130f947

Tags:

ransomware virus shell

Result

Verdict:

Clean

Maliciousness:

Behaviour

DNS request

Connection attempt

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

anti-debug lolbin obfuscated overlay threat update

Link:

https://www.filescan.io/uploads/68cdad82f224aeb809c90d06/reports/79be4747-3674-42ea-a3f2-071d7715afcf/overview

Verdict:

Malicious

Labled as:

BZC.MNT.Boxter.371

Link:

https://www.hybrid-analysis.com/sample/3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2

Verdict:

Malicious

File Type:

dll x64

First seen:

2025-09-19T10:08:00Z UTC

Last seen:

2025-09-19T10:08:00Z UTC

Hits:

~100

Detections:

HEUR:Trojan.PowerShell.Generic Trojan.Win32.Agent.sb NetTool.PowerShellUA.HTTP.C&C NetTool.PowerShellGet.HTTP.C&C

Link:

https://opentip.kaspersky.com/3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/a241f184-c22c-4f73-90f7-cdc069d72c08

Score:

16%

Verdict:

Benign

File Type:

Link:

https://malprob.io/report/3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/69ef6cbe70f3f411444c9c6516000be4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2/

Verdict:

Malicious

Threat:

NetTool.PowerShellUA.HTTP

Link:

https://tip.neiki.dev/file/3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2

Threat name:

Win64.Malware.Generic

Status:

Suspicious

First seen:

2025-09-19 13:30:36 UTC

File Type:

PE+ (Dll)

AV detection:

10 of 24 (41.67%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=h7xfij7elogcqsth2ayoc5zmn5wfohkwjehqi3bxh6oanftkwpza._file

Verdict:

malicious

Label(s):

admintool_putty

351b5c9092ecaa94f3ee0c2e70bea5ef5babc18634fadfad26826a49e5fd0e10

388726bd0c023ce88ac427c0f9db388dc9ad82037f72ee8b3dac74e52c4201b2

3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2

591c5830b814217b6372a2b9c4bf1426361affe0014423bfe7d975edfbf99eec

971e52b0d2c85757b2ab34141667d8794c2811cfed971d16241ecb33f60c3dba

c75fcc89a5ff08c2b6b8a70d46f01c988c7d61e345e3f19d16be6d4f731b75bc

d200d6b9ba111dfd4c95f54384a7364958a986e01743f6fd548735e1cced03b0

ee0947c688ad5b9f2d1c802f19430179392b3253fed7473c6f7efccce25c0377

error

+ 94 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

8/10

Tags:

execution

Link:

https://tria.ge/reports/250919-x1q22sfp3s/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Executes dropped EXE

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/83b24606-909e-42e6-a4b7-04f009cbb7ac

Unpacked files

SH256 hash:

3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2

MD5 hash:

69ef6cbe70f3f411444c9c6516000be4

SHA1 hash:

d94b2ca9494b5b65a8e37352560912db9a04b92c

Link:

https://www.unpac.me/results/00b8f255-25be-4052-9d1f-8974cbd2847e/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	detect_powershell Create hunting rule
Author:	daniyyell
Description:	Detects suspicious PowerShell activity related to malware execution

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name:	WIN_FileFix_Detection Create hunting rule
Author:	dogsafetyforeverone
Description:	Detects FileFix social engineering technique that launches chained PowerShell and PHP commands from file explorer typed paths
Reference:	FileFix social engineering with PowerShell and PHP commands

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 3fee5427e45b8c284a67d030e1772c6f6c571d56490f046c373f9c06966ab3f2

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3627165/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/28386/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample