MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad
SHA3-384 hash:	0d2bbed25371eca176449232f59c508575484f70d0ba60c4cb86159b299ae660ff3ebe5fbb583c1a35d5f70862c33d68
SHA1 hash:	894e1796044c30bb634702e96db35b19a599ea0c
MD5 hash:	e19b940c1dc12d25544308f5d351b3ee
humanhash:	blossom-hot-stairway-michigan
File name:	4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad
Download:	download sample
File size:	1'058'816 bytes
First seen:	2026-03-06 15:12:35 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'845 x AgentTesla, 19'778 x Formbook, 12'298 x SnakeKeylogger)
ssdeep	12288:kN55Cq7Jb8G26y7p3YS+quCvCY6+6WGEJ5Bjp1K0XGeglq7ehF4l8V5FHg0ktf/w:C7P4lTp3YHdCvVGEdXng07ehpIDqU/
TLSH	T10635BF2537E50A04E07BE739967A0E500BF0BD52CA22DB1EBD5501FD6939BA18B72723
TrID	73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win64 Executable (generic) (6522/11/2) 4.5% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	adrian__luca
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

backup-message-10.203.0.55_9045-114243.7z

Verdict:

Suspicious activity

Analysis date:

2026-02-20 02:48:06 UTC

Tags:

netreactor

Link:

https://app.any.run/tasks/f06cdf34-46a4-4235-83ad-d5e72aa8c30f

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/56183/

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69aaef40e1f958bf668490ef

Tags:

stealer virus msil

Verdict:

Malicious

Labled as:

lazy.Generic

Link:

https://www.hybrid-analysis.com/sample/4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad

Verdict:

Malicious

File Type:

exe x32

Link:

https://opentip.kaspersky.com/4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/ab7efb1c-5ab3-42b2-a5c2-c467a1a53fc9

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad/

Threat name:

ByteCode-MSIL.Trojan.DarkTortilla

Status:

Malicious

First seen:

2026-02-19 11:57:19 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

25 of 36 (69.44%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jzorll6dpyytffvcp6kaajixwni3vuw4h46rcjpcn3ahrnl63owq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/260306-sl1wgsbt2v/

Behaviour

System Location Discovery: System Language Discovery

.NET Reactor proctector

Unpacked files

SH256 hash:

4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad

MD5 hash:

e19b940c1dc12d25544308f5d351b3ee

SHA1 hash:

894e1796044c30bb634702e96db35b19a599ea0c

Link:

https://www.unpac.me/results/ea2880b7-c59e-4a42-a8cf-bba41d0dcf9c/

SH256 hash:

a6a6cf76c8a7dd497424f636ddaa9c58a77971f9b267b257f1906c0388c281d6

MD5 hash:

f0ff6d188e5191a7295ae1e852259e7d

SHA1 hash:

c3f1b28ff5806069dc6b694eb2c40af6bdc27078

Detections:

SUSP_OBF_NET_Reactor_Indicators_Jan24

INDICATOR_EXE_Packed_DotNetReactor

Link:

https://www.unpac.me/results/ea2880b7-c59e-4a42-a8cf-bba41d0dcf9c/

Parent samples :

24d6cbd8f4eb920651f82adb1288cd4d5227f6bcd8fe71341ebdeb434bbfae01
b430b6d8ffe30bb994eb58e11cab86092452755f0044acba6de4ef305f8fc28c
6f998e066e89d74f97f68b8b300cbf96f10df8bca0f96b78082e54ae578c6808
dbd4edd258813db2cac4abddb2a4230b62874591c09daa6ffbcd5c9022ebd042
787603ed370b21f4b0c042915f7fec0e3ad9f1a74f9bea21a99f9e7a5232a31c
cf790980d19ae946d6de6a03100ec1c207ceff95cf7e220d90108c2749fd0f63
24a07efb7c95800b89d34683abe09cf8e7d7776483f586abca769c2f98bb67c6
5524f65612afc339bd726ce2d20c9b8040a2137c7c23d8b68c47fe35a02c616d
55a9d922e96e48f6dafe5d3a8026268cc10ae3958b61b9121f0e4c93edca3b29
c2f557d0ec74807286105a5a4a0303d68638aaab4642aba9f035231742a0f38e
fdb5f65b86c93754b642aa54fa2628355c0bfd389bed24e435fef2d49ce6c8e4
4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad
82cf55fa23c0c2493080bf0cbf52165ee502a58c782f8d85cfbbb5e601f8b6b3
9e82ffb9944fb58a8f2ea6c728ce6e3afa6560563666701d125b295fbf209bb3
b8e84695c8a14f7223d17d6957f4eb1ef4cadba8918911a5988b51a925042cfc
7157165f0ec7acf431db00aed0a0afbf01a2314396797399194ef0e80f6b2f54
4cc2ab119438950aeee01fd33fe268802e5362cb0d38349bf5df6269d9b8462f
d864a30d450157ee025d97dcd2a6a6bf386719fc4c14ca361f85aa914665657c

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.95

Link:

https://yomi.yoroi.company/submissions/4e5d15afc37e313296a27f94002517b351bad2dc3f3d1125e26ec078b57edbad

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/56183/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample