MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a1b440861ef652cc207158e7e129f0b3a22ed5ef5d2ea5968e1d9eff33017bc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 5a1b440861ef652cc207158e7e129f0b3a22ed5ef5d2ea5968e1d9eff33017bc
SHA3-384 hash: 28d0c50065aed8b7757e469a46a2c62098868c51b226a52d1c0be079e2faf3c25e6fa43784bdd7789191a64ec6577472
SHA1 hash: 81c66c043982cfee9e60ae94203f4336da0b50c0
MD5 hash: 2690f7c685784fff006fe451fa3b154c
humanhash: skylark-oranges-enemy-sweet
File name: 5a1b440861ef652cc207158e7e129f0b3a22ed5ef5d2ea5968e1d9eff33017bc.py
File size: 10'533 bytes
First seen: 2026-01-30 04:46:59 UTC
Last seen: 2026-01-30 05:01:51 UTC
File type:
MIME type: text/x-script.python
ssdeep: 192:A2maqyDhNc90rNsS21W3g/+/X/WqWUC6Dh:A2dV1NcQUZa
TLSH: T1C7222EB20C1A5816B072C60D1A53C0D6D31A736B7A261A137ABCB6808FFC975D2D4EFD
Magika: python
Reporter: KodaDr
Tags: py Python SolyxImmortal spy

Intelligence

File Origin
# of uploads: 2
# of downloads: 102
Origin country: RU

Vendor Threat Intelligence

Vendor 1
No detections

Vendor 2
Verdict: Malicious
Score: 81.4%
Tags: dropper stealer virus

Vendor 3
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: python stealer

Vendor 4
Verdict: Malicious
File Type: text.utf8
First seen: 2026-01-18T01:19:00Z UTC
Last seen: 2026-01-18T01:33:00Z UTC
Hits: ~10
Threat name: Script-Python.Trojan.Multiverze

Vendor 5
Status: Malicious
First seen: 2026-01-12 09:21:23 UTC
File Type: Text (Python)
AV detection: 9 of 36 (25.00%)
Threat level: 5/5

Vendor 6
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Suspicious use of SetWindowsHookEx
- Modifies registry class
- Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Base64_decoding
Author: iam-py-test
Description: Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base64 encoded PowerShell script.

Rule name: RANSOMWARE
Author: ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments