MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 527222fc734cd8d10b481f7c6a2030e9f5ad50788aa45e0689b81ec32277aae2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 1 File information Comments

SHA256 hash: 527222fc734cd8d10b481f7c6a2030e9f5ad50788aa45e0689b81ec32277aae2
SHA3-384 hash: 3aa9823d3696a46c51ae953ad3d75c3ba9122e500d8203c61c2ff0546e4b7e271d58158da079301182a8a188983b2d7a
SHA1 hash: 2377fcc4fc08e6cf81b54e94935552d84771958a
MD5 hash: b4fd01e2709e151ca8bb1ff19f86cc1c
humanhash: six-princess-apart-washington
File name: SecuriteInfo.com.Win64.MalwareX-gen.22329734
File size: 7'168 bytes
First seen: 2026-01-09 14:24:45 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: c2d02fc98f1d75d7b9457468ec75da0e (5 samples with this imphash are tagged Meterpreter)
ssdeep: 12:eFGSGZAAt17NrH61O9B/FWr4Wk4G+8J4hyqhWyHawqhaEuIqH3mNk53O1pN:eFGSGmYpFQknehtht6dp5SokWp
TLSH: T1C5E19C9AB71558B3FAAD07BF8287CBDAB2BD372043A6470C0550040855819197971F83
TrID: 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
      15.6% (.ICL) Windows Icons Library (generic) (2059/9)
      15.4% (.EXE) OS/2 Executable (generic) (2029/13)
      15.2% (.EXE) Generic Win/DOS Executable (2002/3)
      15.2% (.EXE) DOS Executable Generic (2000/1)
Magika: pebin
Reporter: SecuriteInfoCom
Tags: exe
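Before acting on an entry like this one (blocking, hunting, or detonating a copy pulled from elsewhere), confirm that the bytes in hand really are the sample the record describes. The following is an added example, not MalwareBazaar's own code: it recomputes the size and the four digest types the entry lists (SHA256, SHA3-384, SHA1, MD5) with Python's standard `hashlib` and reports which record fields disagree. The hash values in `MB_RECORD` are copied from the entry above; the `stand_in` buffer is a constructed placeholder, not the sample, so it is expected to mismatch. Fields the script cannot recompute without extra tooling (ssdeep, TLSH, imphash) are skipped deliberately.

```python
import hashlib
from typing import Dict, List

# Fields copied from the MalwareBazaar entry for this sample.
MB_RECORD: Dict[str, object] = {
    "file_size": 7168,
    "sha256": "527222fc734cd8d10b481f7c6a2030e9f5ad50788aa45e0689b81ec32277aae2",
    "sha3_384": "3aa9823d3696a46c51ae953ad3d75c3ba9122e500d8203c61c2ff0546e4b7e271d58158da079301182a8a188983b2d7a",
    "sha1": "2377fcc4fc08e6cf81b54e94935552d84771958a",
    "md5": "b4fd01e2709e151ca8bb1ff19f86cc1c",
}

# Record key -> hashlib algorithm name (all available in the standard library).
HASH_ALGOS = {"sha256": "sha256", "sha3_384": "sha3_384", "sha1": "sha1", "md5": "md5"}


def digest_record(data: bytes) -> Dict[str, object]:
    """Compute the size and digest set that MalwareBazaar lists for a sample."""
    rec: Dict[str, object] = {"file_size": len(data)}
    for key, algo in HASH_ALGOS.items():
        rec[key] = hashlib.new(algo, data).hexdigest()
    return rec


def verify_sample(data: bytes, record: Dict[str, object]) -> List[str]:
    """Return the record fields that do not match `data`; an empty list means a full match.

    Only fields this script can recompute are compared; anything else in the
    record (ssdeep, tlsh, imphash, ...) is ignored rather than reported.
    """
    computed = digest_record(data)
    mismatches: List[str] = []
    for key, expected in record.items():
        if key not in computed:
            continue
        if isinstance(expected, str):
            expected = expected.strip().lower()
        if computed[key] != expected:
            mismatches.append(key)
    return mismatches


def verify_file(path: str, record: Dict[str, object] = MB_RECORD) -> List[str]:
    """Convenience wrapper: verify a file on disk against a record."""
    with open(path, "rb") as fh:
        return verify_sample(fh.read(), record)


if __name__ == "__main__":
    # Constructed stand-in: same length as the real sample, but not its bytes.
    stand_in = b"MZ" + b"\x00" * 7166
    print("fields that disagree with the entry:", verify_sample(stand_in, MB_RECORD))
    # Self-consistency: a record derived from the buffer itself must match it.
    print("self-check mismatches:", verify_sample(stand_in, digest_record(stand_in)))
```

The size check is kept even though it is redundant with the hashes: it is the cheapest field to compare and a size mismatch alone already tells you the file is not this sample.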

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
FR FR
Vendor Threat Intelligence
No detections
Malware family:
ID:
1
File name:
2to1ep.exe
Verdict:
Malicious activity
Analysis date:
2026-01-09 13:45:15 UTC
Tags:
auto metasploit framework python stealer stealc powershell barys github possible-phishing clickfix amadey botnet phishing miner salatstealer anti-evasion loader asyncrat rat havoc tool generic xenorat svc koistealer tinynuke guloader koiloader njrat meterpreter powershellempire cobaltstrike wannacry ransomware bruteratel coinminer cryptowall formbook azorult xworm pushware adware gh0st stealerium ghostsocks proxyware pyinstaller redline xred rhadamanthys whitesnakestealer remcos screenconnect rmm-tool rdp bladabindi purelogs neshta worm vidar donutloader clipper diamotrix remote gh0stcringe dcrat offloader lumma muckstealer quasar telegram deerstealer anydesk putty xmrig evasion whitesnake purecrypter hijackloader mimikatz pythonstealer websocket pastebin irc backdoor braodo eicar-test bdaejec schoolboy advancedinstaller meshagent credentialflusher netsupport arch-scr java blankgrabber autohotkey pchunter jeefo

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
microsoft_visual_cc packed rozena
Verdict:
Malicious
Labeled as:
Win64/Rozena_AGeneric.GT trojan
Result
Gathering data
Verdict:
Unknown
File Type:
exe x64
First seen:
2026-01-09T11:26:00Z UTC
Last seen:
2026-01-09T11:26:00Z UTC
Hits:
~10
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Threat name:
Win64.Malware.Tedy
Status:
Malicious
First seen:
2026-01-09 14:03:51 UTC
File Type:
PE+ (Exe)
AV detection:
16 of 36 (44.44%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Unpacked files
SHA256 hash:
527222fc734cd8d10b481f7c6a2030e9f5ad50788aa45e0689b81ec32277aae2
MD5 hash:
b4fd01e2709e151ca8bb1ff19f86cc1c
SHA1 hash:
2377fcc4fc08e6cf81b54e94935552d84771958a
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name:Linux_Trojan_Metasploit_69e20012
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Executable exe 527222fc734cd8d10b481f7c6a2030e9f5ad50788aa45e0689b81ec32277aae2 (this sample)
Delivery method: Distributed via web download

Comments