MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 14


Intelligence 14 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72
SHA3-384 hash: 3f4e742b7cc10a20ddd963f012256422b72a11e942d4e6abc0039933d54b4ea8247b281ff4cc50c59ae8c2d8c0e0a6d1
SHA1 hash: 8c2d11bdd66635e8cecef8901fe08471f49c05a7
MD5 hash: 1f86e58c7812c593b0580972c1164d8d
humanhash: oscar-berlin-nevada-gee
File name:file
Download: download sample
File size:8'971'776 bytes
First seen:2025-12-28 05:35:29 UTC
Last seen:2026-01-05 11:01:04 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 4cea7ae85c87ddc7295d39ff9cda31d1 (86 x LummaStealer, 85 x RedLineStealer, 62 x Rhadamanthys)
ssdeep 196608:xkT+esT5HYPpwnIhI27ddTJ8ezrtUMhzKYgnAuVr:xO+1T5R27n2entUMhzKASr
TLSH T131963300B7E3D499E475677149B55A835A71BC622BB183DF462C942E0B333C1AB31FBA
TrID 41.1% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
26.1% (.EXE) Win64 Executable (generic) (10522/11/4)
12.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
5.1% (.ICL) Windows Icons Library (generic) (2059/9)
5.0% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter Bitsight
Tags:dropped-by-gcleaner exe USB.file x


Avatar
Bitsight
url: http://194.38.20.224/service

Intelligence

File Origin
# of uploads :
24
# of downloads :
125
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/2e6dfc1a-0e42-49d9-8405-6204efa02e8c/
Malware family:
n/a
ID:
1
File name:
_529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72.exe
Verdict:
Malicious activity
Analysis date:
2025-12-28 05:36:32 UTC
Tags:
autoit auto-sch trojan auto-startup screenconnect rat
Link:
https://app.any.run/tasks/3b4f82ef-121b-4ca0-978a-ad410cc564a6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/46258/
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6950c1ce4503237b77fbe451
Tags:
autorun autoit emotet
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context autoit CAB expand installer installer installer-heuristic lolbin lolbin microsoft_visual_cc packed rundll32 runonce sc sfx unsafe
Link:
https://www.filescan.io/uploads/6950c1c7a7163552ba057c28/reports/d013ebb8-75ac-4d18-9308-365135960c3b/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-28T02:47:00Z UTC
Last seen:
2025-12-30T00:45:00Z UTC
Hits:
~10
Detections:
Trojan-Dropper.Win32.Agent.sb Trojan.Win32.Agent.sb Backdoor.Win32.Agent.myxcde Backdoor.Agent.UDP.C&C
Link:
https://opentip.kaspersky.com/529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/af413459-5b79-4e16-b3e3-7d335ed4f512
Score:
78%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72/
Verdict:
Malicious
Threat:
Trojan.Win32.Agent
Link:
https://tip.neiki.dev/file/529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72
Threat name:
Win64.Backdoor.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-28 05:36:15 UTC
File Type:
PE+ (Exe)
Extracted files:
31
AV detection:
13 of 24 (54.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kknqdeglz5k2cfrvtcd3as4ml5a64x6goaiictpem6ztdkgwl5za._file
Result
Malware family:
n/a
Score:
  10/10
Tags:
discovery execution persistence
Link:
https://tria.ge/reports/251228-gamzpssjdn/
Behaviour
Modifies registry class
Scheduled Task/Job: Scheduled Task
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Program crash
System Location Discovery: System Language Discovery
Launches sc.exe
Suspicious use of SetThreadContext
Adds Run key to start application
Drops startup file
Executes dropped EXE
Suspicious use of NtCreateUserProcessOtherParentProcess
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a37bdcbb-8cd8-45e7-82ed-217b50f2777f
Unpacked files
SH256 hash:
529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72
MD5 hash:
1f86e58c7812c593b0580972c1164d8d
SHA1 hash:
8c2d11bdd66635e8cecef8901fe08471f49c05a7
Link:
https://www.unpac.me/results/3c39cbfd-e6dd-4ea2-b8a6-95668134cbb3/
Malware family:
CypherIt
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/529b0190cbcf/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:detect_Redline_Stealer
Create hunting rule
Author:Varp0s

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 529b0190cbcf55a116359887b04b8c5f41ee5fc67010814de467b331a8d65f72

(this sample)

  
Dropped by
Gcleaner
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/46258/

Comments