MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 14


Intelligence 14 IOCs YARA 10 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125
SHA3-384 hash: 7f07a07e669bafa3d29639d16e803bc227b6bd956b5e2902b9a127b67316c7c4aab1dcd69d3bded7e3c78f047c19d058
SHA1 hash: b6fd3e80fe29dc108cf16a560de21a884978f46c
MD5 hash: 1f1e5c3cd1d05638ef698face814b6f0
humanhash: video-potato-wyoming-one
File name:file
Download: download sample
File size:1'444'864 bytes
First seen:2025-09-16 04:03:06 UTC
Last seen:2025-09-17 04:15:29 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'750 x AgentTesla, 19'656 x Formbook, 12'248 x SnakeKeylogger)
ssdeep 24576:GqyQCImKKEjn5J3/m+mAHEbokGJJ2gYelILtJEbYW2weLFkkzwY1PPpGdpGKUmCj:1lCdKKEjPdmAaokGJUgrlYJEbDgFkTYt
TLSH T1D165335931144D35F1AC8B3AC43203561E82F6A1853E7EABDEFB1C68981AFCEDE506C5
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe


Avatar
Bitsight
url: http://178.16.54.200/files/5998301158/JLX80Su.exe

Intelligence

File Origin
# of uploads :
10
# of downloads :
83
Origin country :
US US
Vendor Threat Intelligence
Malware family:
redline
Create hunting rule
ID:
1
File name:
random.exe
Verdict:
Malicious activity
Analysis date:
2025-09-15 23:42:53 UTC
Tags:
lumma stealer auto redline amadey credentialflusher botnet auto-reg themida loader rdp gcleaner stealc telegram python auto-sch payload evasion anti-evasion vidar coinminer miner auto-startup
Link:
https://app.any.run/tasks/f5679ccb-c1af-446c-8d4d-72c8e3daa008

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/27636/
Detection(s):
SecuriteInfo.com.Win32.MalwareX-gen.44516994.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68c8e196d49ea3f1e4b6484b
Tags:
autorun keylog micro word
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %AppData% directory
Launching a process
Сreating synchronization primitives
Using the Windows Management Instrumentation requests
Connecting to a non-recommended domain
Connection attempt
Sending a custom TCP request
Creating a window
Enabling autorun by creating a file
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated obfuscated packed packed packer_detected
Link:
https://www.filescan.io/uploads/68c8e18c73287948292b55bc/reports/17f6d4dd-2c7b-497f-9875-6c8bffe40f4f/overview
Verdict:
Malicious
Labled as:
Jalapeno.Generic
Link:
https://www.hybrid-analysis.com/sample/5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-09-15T15:15:00Z UTC
Last seen:
2025-09-15T15:15:00Z UTC
Hits:
~100
Detections:
PDM:Trojan.Win32.Generic Trojan-PSW.MSIL.PureLogs.sb Trojan.MSIL.Inject.sb Trojan.MSIL.Dnoper.sb Trojan-PSW.Win32.Stealer.sb Trojan-PSW.Win32.Coins.sb Trojan-PSW.MSIL.Agentb.sb Trojan.MSIL.Agent.sb HEUR:Trojan-PSW.MSIL.PureLogs.gen
Link:
https://opentip.kaspersky.com/5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/bf31d870-14c9-496d-9f28-5e09788f9d6d
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125
Verdict:
inconclusive
YARA:
10 match(es)
Tags:
.Net Executable Managed .NET PE (Portable Executable) PE File Layout SOS: 0.39 Win 32 Exe x86
Link:
https://app.malva.re/file/1f1e5c3cd1d05638ef698face814b6f0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125/
Verdict:
Malicious
Threat:
Family.ZGRAT
Link:
https://tip.neiki.dev/file/5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125
Threat name:
Win32.Trojan.Jalapeno
Create hunting rule
Status:
Malicious
First seen:
2025-09-15 20:15:01 UTC
File Type:
PE (.Net Exe)
Extracted files:
4
AV detection:
26 of 38 (68.42%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kymqkheqx3oeugxu6e2nfzoomcmg3wby6jspva4dhj55dkwj6esq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery
Link:
https://tria.ge/reports/250916-emlw3ayqx5/
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Drops startup file
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/9f06e78e-306c-44cf-bb8d-063f3cfa6662
Unpacked files
SH256 hash:
5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125
MD5 hash:
1f1e5c3cd1d05638ef698face814b6f0
SHA1 hash:
b6fd3e80fe29dc108cf16a560de21a884978f46c
Link:
https://www.unpac.me/results/78efc568-70c3-454b-9e56-e2f3e79ea25e/
SH256 hash:
ce202ff8bf710fcf18f2b80073c65f26d07e469fd3830e676158ad0faddd0447
MD5 hash:
3d971c08fd672257a40bbcbf208d9dfe
SHA1 hash:
d2ff3b99fc9ba91958da9f21a614d842595a3a16
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/78efc568-70c3-454b-9e56-e2f3e79ea25e/
SH256 hash:
74e542e976cf1e16a0c98f70286a91ee0222e21f42ff1e2cddeb01633d6ba91e
MD5 hash:
3d19ac69256398b52ef391e50c253bb1
SHA1 hash:
0a057424e5b4af8b6e55fd312565eea8af7e0c54
Link:
https://www.unpac.me/results/78efc568-70c3-454b-9e56-e2f3e79ea25e/
SH256 hash:
6fbb20f448d72488d07d4d6f36e8a8f2600e3b1a7366bf618edef18dd463522f
MD5 hash:
affdc0dba3da5cba3cf719042439cdd3
SHA1 hash:
108cdb4207bd658516266996c53082fa8672c49e
Link:
https://www.unpac.me/results/78efc568-70c3-454b-9e56-e2f3e79ea25e/
SH256 hash:
f61596d561c2617e49871b0305107aa35b795e9e9c68b2c52c198b9bc11b31ec
MD5 hash:
f482b9c5136977118d37f130b4edd738
SHA1 hash:
34b44ca9d7ba57f1eaec52d75d808c948fe6c629
Detections:
SUSP_OBF_NET_Eazfuscator_String_Encryption_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/78efc568-70c3-454b-9e56-e2f3e79ea25e/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/5619051c90be/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:Lumma_Stealer_Detection
Create hunting rule
Author:ashizZz
Description:Detects a specific Lumma Stealer malware sample using unique strings and behaviors
Reference:https://seanthegeek.net/posts/compromized-store-spread-lumma-stealer-using-fake-captcha/
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 5619051c90bedc4a1af4f134d2e5ce60986dd838f264fa83833a7bd1aac9f125

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3624870/
Cape
Cape
https://www.capesandbox.com/analysis/27636/

Comments