MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 50a362c59eac4bd2d6c3e211f3cdd661653f49d5050806f698949c7211ac6a7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GenesisStealer


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 50a362c59eac4bd2d6c3e211f3cdd661653f49d5050806f698949c7211ac6a7b
SHA3-384 hash: 912184f8a6728e3a75dc4a70868a1e415dba5bd51cbf1276a668ba8033bfeb782d9175c0cf0ba7571c1d16b17655642e
SHA1 hash: d402d9d7787ec551be7bb5c9550b8f6f34678516
MD5 hash: a1c959f9ef4e304ca1146c956b84f746
humanhash: zulu-kansas-eight-foxtrot
File name:panel.exe
Download: download sample
Signature GenesisStealer
Create hunting rule
File size:68'480'832 bytes
First seen:2025-08-25 20:23:20 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4d0fb8dc9ee470058274f448bebbb85f (4 x NodeLoader, 3 x Rhadamanthys, 3 x DogeStealer)
ssdeep 393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfO:fMguj8Q4VfvVqFTrYiVoVzS/Wyw
TLSH T193E79E0633E501A7E5B7923A8A9B4103E772B0575731D7CB318C43582F9BFE49A7AB60
TrID 40.3% (.EXE) Win64 Executable (generic) (10522/11/4)
19.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
17.2% (.EXE) Win32 Executable (generic) (4504/4/1)
7.7% (.EXE) OS/2 Executable (generic) (2029/13)
7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter burger
Tags:exe GenesisStealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://witchspiregame.com/Download/Setup_WitchSpire.zip
Verdict:
Malicious activity
Analysis date:
2025-08-25 20:17:01 UTC
Tags:
stealer evasion arch-doc loader websocket nodejs
Link:
https://app.any.run/tasks/35ecbb67-e0e3-470d-8cfb-75c6ecf7a60e

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68acc6823e988eb6ab82b66d
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Sending a custom TCP request
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/50a362c59eac4bd2d6c3e211f3cdd661653f49d5050806f698949c7211ac6a7b
Verdict:
Unknown
File Type:
PE
First seen:
2025-08-25T17:41:00Z UTC
Last seen:
2025-08-25T17:41:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/50a362c59eac4bd2d6c3e211f3cdd661653f49d5050806f698949c7211ac6a7b/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
3 / 100
Link:
https://www.joesandbox.com/analysis/1764911
Behaviour
Behavior Graph:
n/a
Score:
83%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/50a362c59eac4bd2d6c3e211f3cdd661653f49d5050806f698949c7211ac6a7b
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kcrwfrm6vrf5fvwd4ii7htowmfst6sovauean5uyssoheenmnj5q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/250825-y6k9es1r14/
Behaviour
Loads dropped DLL
Verdict:
Suspicious
Tags:
trojan
YARA:
EXE_Unknown_Byakugan_April2024
Link:
https://app.threat.zone/submission/b20b58dc-6502-45ff-827f-9c9c95bcb32c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ec2ddc26b9659c708606c83ab342691a48c5c1d0d4183b1facb4791eb02ecd11

GenesisStealer

Executable exe 50a362c59eac4bd2d6c3e211f3cdd661653f49d5050806f698949c7211ac6a7b

(this sample)

  
Dropped by
SHA256 ec2ddc26b9659c708606c83ab342691a48c5c1d0d4183b1facb4791eb02ecd11
  
URLhaus
https://urlhaus.abuse.ch/url/3611312/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3611622/

Comments