MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce
SHA3-384 hash: dce87ef73e3a5357646a17210e7fd406df46215f7689cad56547cbfe433f801deb1e66f2026f9685f080456efda6f99f
SHA1 hash: fbf150ef350d4fef695bb9b23117eeeda2c2f694
MD5 hash: 7ad6db2b3b0d447a09e69ff45449aa59
humanhash: mirror-speaker-california-april
File name:file
Download: download sample
File size:168'960 bytes
First seen:2025-10-17 04:04:22 UTC
Last seen:2025-10-17 05:16:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 742da7a14df7ce098fd9737bf910c21d
ssdeep 3072:yr2EkapnS+BPtbj7IkNUWUCuVO0Z/5q56lRKq20OA6TdTrpaoagG:yrrkaVP1j7IkSxzZ/c4xvODRTrk
TLSH T125F30191E91C7ED7D03CA7B1E7379BC52B0CDC2A4418C62F3198752ADAAC64B3A43349
TrID 54.9% (.EXE) UPX compressed Win32 Executable (27066/9/6)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4504/4/1)
4.1% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe


Avatar
Bitsight
url: http://178.16.55.189/files/7632405658/hmms7X3.exe

Intelligence

File Origin
# of uploads :
6
# of downloads :
67
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
file
Verdict:
No threats detected
Analysis date:
2025-10-17 04:07:04 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/899d993b-c0ba-4271-a585-e3ad9695de73

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/33148/
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68f1c06372d478f905988432
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
microsoft_visual_cc obfuscated packed packed packed packer_detected upx
Link:
https://www.filescan.io/uploads/68f1c0cd5de1648b25d4e9ae/reports/eea681a7-726c-4cac-b582-538b7015ff8d/overview
Verdict:
Malicious
Labled as:
Babar.Generic
Link:
https://www.hybrid-analysis.com/sample/55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-16T20:40:00Z UTC
Last seen:
2025-10-17T10:09:00Z UTC
Hits:
~10
Detections:
VHO:Trojan-Banker.Win32.Convagent.gen VHO:Trojan-Banker.Win32.Bandra.gen
Link:
https://opentip.kaspersky.com/55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4b72ae09-3c25-4bad-8767-bffd682fdf3b
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/7ad6db2b3b0d447a09e69ff45449aa59
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce/
Verdict:
Malicious
Threat:
VHO:Trojan-Banker.Win32.Bandra
Link:
https://tip.neiki.dev/file/55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce
Threat name:
Win32.Trojan.Amadey
Create hunting rule
Status:
Malicious
First seen:
2025-10-16 23:05:16 UTC
File Type:
PE (Exe)
Extracted files:
13
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kvzdgsbvnpkvxow7u4jarvbv5a343opczadwwg7agj43fc5s5hha._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery upx
Link:
https://tria.ge/reports/251017-epvlzshn9s/
Behaviour
System Location Discovery: System Language Discovery
UPX packed file
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ee86b52c-4f3b-4a8f-beb2-6586bc9687e9
Unpacked files
SH256 hash:
55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce
MD5 hash:
7ad6db2b3b0d447a09e69ff45449aa59
SHA1 hash:
fbf150ef350d4fef695bb9b23117eeeda2c2f694
Link:
https://www.unpac.me/results/5a93c369-5c7a-422d-a487-aa02a61a6cfa/
SH256 hash:
bd1918b7f5549dee6a03931610c2aba94a744551f9e190c2c896fbd952954d66
MD5 hash:
95f1f402b1fa8abee93be502d48f820a
SHA1 hash:
035d02a886e1d277b8b170a5bb8bea602119fc93
Link:
https://www.unpac.me/results/5a93c369-5c7a-422d-a487-aa02a61a6cfa/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.56
Link:
https://yomi.yoroi.company/submissions/55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 55723348356bd55bbadfa71208d435e837cdb9e2c8076b1be03279b28bb2e9ce

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3679646/
Cape
Cape
https://www.capesandbox.com/analysis/33148/

Comments