MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 2 File information Comments

SHA256 hash:	428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101
SHA3-384 hash:	2958110ddde76babe7b62d2aed8d764fbacb3a29131ee7527f176d987d28ce5f569bc9fa323de1b8f931dd18c2b48675
SHA1 hash:	b4b1148a11740af9ef744f916b1bf345cbc13d17
MD5 hash:	b252fb0520a86dc1eb0b8c31cdbd804f
humanhash:	twelve-football-artist-high
File name:	raw_cbot_debug.exe
Download:	download sample
File size:	61'440 bytes
First seen:	2025-12-20 10:16:18 UTC
Last seen:	2025-12-20 12:50:42 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	9bdb07b6fd83cfd0e54205b38bedfd9d
ssdeep	768:ZcGovCAeG58oao/JVTM5y0VQu0hseQzRxUMUla8vX6puvf1bs9PDV0gOiATWhea:CGoyzo9onqrqcvlP6EvfaZ0gkTu
TLSH	T14D531C1BB35364ECC62AD57486EFAB33B671F8634630AF3F02E4E6702E11E601E5A515
TrID	41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 26.1% (.EXE) Win64 Executable (generic) (10522/11/4) 12.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.1% (.ICL) Windows Icons Library (generic) (2059/9) 5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	abuse_ch
Tags:	exe mirai upx-dec

abuse_ch

UPX decompressed file, sourced from SHA256 1c1ea4b5f12a991ba2689d1772ff795df8c7513e296b557821ae3f45de8ea170

UPX unpacked

This file is the unpacked version of a file that has been packed with UPX. Below is furhter information about the parent (compressed) file.

File size (compressed) :	31'232 bytes
File size (de-compressed) :	61'440 bytes
Format:	win64/pe
Packed file:	1c1ea4b5f12a991ba2689d1772ff795df8c7513e296b557821ae3f45de8ea170

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

_428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101.exe

Verdict:

Malicious activity

Analysis date:

2025-12-20 10:18:50 UTC

Tags:

auto-startup

Link:

https://app.any.run/tasks/01847206-555d-4c1f-ba07-ec3d80c9eddd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45568/

Detection(s):

Win.Malware.Malwarex-10058597-0

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694677acee899ae4567f150b

Tags:

backdoor autorun botnet

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug crypto packed

Link:

https://www.filescan.io/uploads/694677abe126b9ff4389d6a2/reports/d80fb384-f668-4b4a-a15d-df8f2dd5f4e9/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-12-20T07:22:00Z UTC

Last seen:

2025-12-21T02:57:00Z UTC

Hits:

~10

Detections:

PDM:Trojan.Win32.Generic Trojan.Win32.Reconyc.sb HEUR:Trojan.Win64.Generic RemoteAdmin.LiteManager.TCP.C&C

Link:

https://opentip.kaspersky.com/428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101/results?tab=lookup

Gathering data

Result

Threat name:

DDOS Bot

Detection:

malicious

Classification:

troj.adwa.evad

Score:

80 / 100

Link:

https://www.joesandbox.com/analysis/1836662

Signature

Drops PE files to the startup folder

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: System File Execution Location Anomaly

System process connects to network (likely due to code injection or exploit)

Yara detected DDOS Bot

Behaviour

Behavior Graph:

Download SVG

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/b252fb0520a86dc1eb0b8c31cdbd804f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101/

Verdict:

Malicious

Threat:

Trojan.Win32.Reconyc

Link:

https://tip.neiki.dev/file/428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101

Threat name:

Win64.Trojan.Barys

Status:

Malicious

First seen:

2025-12-20 10:17:16 UTC

File Type:

PE+ (Exe)

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ikayjm72od2gqc5xo3bbj2yhxnhpoudvq2tj2k2lvdioeo3h2eaq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/251223-nv1vmawla1/

Behaviour

Drops startup file

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/4b6461d6-f85b-434b-a5d9-3593dfaf5b60

Unpacked files

SH256 hash:

428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101

MD5 hash:

b252fb0520a86dc1eb0b8c31cdbd804f

SHA1 hash:

b4b1148a11740af9ef744f916b1bf345cbc13d17

Link:

https://www.unpac.me/results/4b06c0fa-1cd6-4e08-b06f-60bd04b8504a/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/428184b3fa70f4680bb776c214eb07bb4ef7507586a69d2b4ba8d0e23b67d101

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.