MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932
SHA3-384 hash: 273ccb38ad8f90e5b71c23ae72094284e76981202ff9175f0a3ca20243cfcf7372ca8b278564432b2a48bb3e9133dccd
SHA1 hash: ca958d682b4a42e9f194634da84dcb0d427c202c
MD5 hash: 2af51ea005c6d91d4e64d39cda951f40
humanhash: arizona-kentucky-mango-venus
File name:windows_i386.exe
Download: download sample
File size:3'584 bytes
First seen:2025-10-22 12:55:22 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e82dd51b077167be63c004bed23d0c1e (40 x NetWalker, 2 x GuLoader, 1 x ShikataGaNai)
ssdeep 48:6Icwm0qEkVt2W+J8zrD7TLjpSpc1ZsSYr8XxhxhwcRaK:4jfEst8SNSYp
TLSH T190715E88F3275AF1E43886F840D3A654C059ABB8C250BE8D5A60281E3C220BA255EF96
TrID 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
20.8% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.6% (.EXE) Win32 Executable (generic) (4504/4/1)
8.5% (.ICL) Windows Icons Library (generic) (2059/9)
8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
SE SE
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
http://107.173.101.114:10000/?h=107.173.101.114&p=10000&t=tcp&a=w32&stage=true
Verdict:
No threats detected
Analysis date:
2025-10-22 03:04:48 UTC
Tags:
payload golang
Link:
https://app.any.run/tasks/84f15d0d-10b7-48b2-8aee-41005e372d0d

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/33755/
Detection(s):
Win.Trojan.Mikey-10038331-0
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68f8d460ad6ce0f5ad40a76f
Tags:
rozena emotet
Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cobalt microsoft_visual_cc obfuscated overlay packed packed packer_detected
Link:
https://www.filescan.io/uploads/68f8d484c85c5c5697324804/reports/f7f5e244-44f2-4a57-bdd5-045f716ca71a/overview
Verdict:
Malicious
Labled as:
Fragtor.Generic
Link:
https://www.hybrid-analysis.com/sample/403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-21T16:12:00Z UTC
Last seen:
2025-10-22T10:13:00Z UTC
Hits:
~10
Detections:
Trojan-PSW.PureLogs.TCP.C&C Trojan.Win32.Strab.sb Trojan.Win32.Shelm.c Trojan.Win32.Rekvex.sb HEUR:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932/results?tab=lookup
Malware family:
Knight
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/c2491452-a542-4161-aec1-be3dd4c32114
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1799810
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
84%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/2af51ea005c6d91d4e64d39cda951f40
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932/
Verdict:
Malicious
Threat:
Trojan.Win32.TCP
Link:
https://tip.neiki.dev/file/403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932
Threat name:
Win32.Trojan.Mikey
Create hunting rule
Status:
Malicious
First seen:
2025-10-21 18:37:02 UTC
File Type:
PE (Exe)
AV detection:
30 of 37 (81.08%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ia7erocnorw5f5txf3ldm6nm5i3fbdu35z3caskdcel2efctpeza._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/251022-p6lqhsfk5x/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
System Location Discovery: System Language Discovery
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/3bd6389d-aa2e-4fa6-ab92-640b065c5c97
Unpacked files
SH256 hash:
403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932
MD5 hash:
2af51ea005c6d91d4e64d39cda951f40
SHA1 hash:
ca958d682b4a42e9f194634da84dcb0d427c202c
Link:
https://www.unpac.me/results/42d7a7f3-36e9-4201-bb7f-a9cd6d89e021/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.14
Link:
https://yomi.yoroi.company/submissions/403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 403e48b84d746dd2f6772ed63679acea36508e9bee762049431117a214537932

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3683254/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/33755/

Comments