MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f
SHA3-384 hash: 5bcb4519a361292d5b847381d20d1d735d172c4053c44d18fc4b787654d0def4b751e383988c239a92263ab2e9c23de4
SHA1 hash: 070bd90e1c9d51516406ab9a19c78055e4abd5ae
MD5 hash: 6380ac00e3b181308ed5c033aef70777
humanhash: magnesium-hamper-king-chicken
File name:Dwglq.msi
Download: download sample
File size:8'882'176 bytes
First seen:2026-03-18 11:16:41 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 196608:nylQ21y5xC75LBWSyFNm9byLVvOi1bNejQSt4kA7tr:n121y2FBWSyFNjRvYjL2
TLSH T1AE961211638AC276E16E01B7D82DEE0EE1357DA7073141CBA3F4B99E2E724C1567DB82
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter Ling
Tags:MalGeneric msi Trojan:Win32/Malgent!MSR


Avatar
CNGaoLing
This sample has been reviewed by Microsoft researchers and determined to be malware. (Trojan:Win32/Malgent!MSR)

MalGeneric IOC (Domain qaqchawu.com)

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
US US
Vendor Threat Intelligence
Malware configuration found for:
MSI
Details
MSI
an embedded setup program or component
Link:
https://research.acce.ciphertechsolutions.com/results/595b22da-9320-4875-bb47-eb59f7f9fffe/
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57976/
Verdict:
Malicious
Score:
90.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ba89bd93b644ca466b45b9
Tags:
shellcode virus hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
anti-debug base64 cmd expired-cert expired-cert fingerprint keylogger lolbin msiexec overlay packed packed short-lived-cert wix
Link:
https://www.filescan.io/uploads/69ba89ba4678eefbc7ae1844/reports/800cc96b-14b1-4eb1-8f2d-0b03fdd10a24/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
msi
Link:
https://opentip.kaspersky.com/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f/results?tab=lookup
Score:
92%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f/
Verdict:
Malicious
Threat:
Trojan.Win32.Blamon
Link:
https://tip.neiki.dev/file/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kb2wfho67pyi7pupox5wcad67dffy45bi3mygkuwdnoawwbs7fxq._file
Verdict:
malicious
Label(s):
metasploit
Create hunting rule
krbanker
Create hunting rule
Similar samples:
error
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence privilege_escalation
Link:
https://tria.ge/reports/260318-ndsspaev7n/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Enumerates connected drives
Loads dropped DLL
Malware family:
BlackMoon
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5075629ddefb/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Detect_MSI_LATAM_Banker_From_LatAm
Create hunting rule

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 5075629ddefbf08fbe8f75fb61007ef8ca5c73a146d9832a961b5c0b5832f96f

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/57976/

Comments