MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Prometei

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721
SHA3-384 hash:	d0f768297f9250cea38373c39d3fdb5bd2e67a7da93f36bf4f970dbc123d44f56324945488f1d30755466dc920018c0c
SHA1 hash:	05756ab319fdc0eef2c5d3b9e95f58f7d20afafe
MD5 hash:	3cecd2370671619b62e8acdeb22fa240
humanhash:	arizona-floor-lemon-solar
File name:	54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721
Download:	download sample
Signature	Prometei Create hunting rule
File size:	246'154 bytes
First seen:	2026-06-02 03:01:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	899ad1596f9c6642245b3fb721bae585 (12 x Prometei, 1 x Mirai)
ssdeep	6144:nGxCfPf0s3KPHfBxR8jPs1F1yD9jvryfL9SqXVdOD:nG60BpL8jk1FGjDc8GVdOD
Threatray	59 similar samples on MalwareBazaar
TLSH	T15734BF63A4BCAAAFDDD82F379C4E880713B66FE5D890203E1C44710EFE1A5095F7A516
TrID	27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 20.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.6% (.EXE) Win32 Executable (generic) (4504/4/1) 8.5% (.ICL) Windows Icons Library (generic) (2059/9) 8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	c2hunter
Tags:	exe Prometei wraith

Intelligence

File Origin

# of uploads :

# of downloads :

148

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

exe

Verdict:

No threats detected

Analysis date:

2026-06-02 03:04:53 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/561585e4-80ee-4f6e-94a8-eecf59833b79

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/68745/

Detection(s):

SecuriteInfo.com.BackDoor.Spy.4060.5792.17417.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a1e47b9a22676d7bfe4e7d9

Tags:

injection obfusc sage

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Running batch commands

Launching a process

Using the Windows Management Instrumentation requests

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

adaptive-context anti-vm microsoft_visual_cc overlay packed

Link:

https://www.filescan.io/uploads/6a1e47f477463968d618c669/reports/0adc9b47-0cac-4bff-96bd-2b63f9d2b1af/overview

Verdict:

Malicious

Labled as:

Variadic.Prometei.Generic

Link:

https://www.hybrid-analysis.com/sample/54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721

Verdict:

Malicious

File Type:

exe x32

Detections:

HEUR:Trojan.Win32.Sdum.gen

Link:

https://opentip.kaspersky.com/54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/e93b19d7-45f5-49bb-b6da-18daed87f8b0

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721/

Threat name:

Win32.Trojan.VariadicPrometei

Status:

Malicious

First seen:

2026-06-02 03:02:20 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

28 of 36 (77.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ks4pva52svp63qvjguqwcrhp7tkomaddmo7sxumfmavk5p5wq4qq._file

Verdict:

malicious

Label(s):

prometei

Prometei

746b63d7d497335446f403be81473867218d84e3d115962b92f51a76a80a85f8

Prometei

77bd50f5f45bc364014a015c203bd353881e59ecef3ca7ebab005cfaacca6d36

Prometei

e7758e9d4ce571b7a7cf74919b4a8e6753208c9557aac0d33504e219a8748c72

Prometei

e90cf4e769a0e61d6aa7099090604ba79ab399823991fa6d718b492609030f37

Prometei

error

Prometei

+ 49 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/260602-djjf4adx8j/

Behaviour

Gathers system information

Runs ping.exe

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

System Network Configuration Discovery: Internet Connection Discovery

Unpacked files

SH256 hash:

54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721

MD5 hash:

3cecd2370671619b62e8acdeb22fa240

SHA1 hash:

05756ab319fdc0eef2c5d3b9e95f58f7d20afafe

Link:

https://www.unpac.me/results/d8373839-8213-47da-9c07-b762961c10da/

SH256 hash:

0a8b8ccba12607de9fb3ed3cb2f50a52a5f5c0b1c9d75d9cdf156f578b193a09

MD5 hash:

6d17a2cd51634ff583639b3cb5e420c9

SHA1 hash:

85c77d7ce1e47b8e236b581a797c15a9a57f6f1b

Link:

https://www.unpac.me/results/d8373839-8213-47da-9c07-b762961c10da/

Malware family:

Prometei

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/54b8fa83ba95/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/54b8fa83ba955fedc2a935216144effcd4e6006363bf2bd185602aaebfb68721

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/68745/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample