MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 5 File information Comments

SHA256 hash:	5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f
SHA3-384 hash:	7e28c8f910fbde56fa94ad3db4a445c74f852f9dfbc017026ba82e65ef2806a261bcf9541e4ed064f5f48a4d2edc7240
SHA1 hash:	2178c758de77c465014f96262caa4059ba7d996e
MD5 hash:	1974506038c5934399de3c2f6c7544de
humanhash:	arizona-bravo-summer-mirror
File name:	SecuriteInfo.com.Win64.MalwareX-gen.22729.138
Download:	download sample
File size:	6'888'960 bytes
First seen:	2025-05-26 03:22:59 UTC
Last seen:	2025-10-08 13:07:00 UTC
File type:	exe
MIME type:	application/x-dosexec
ssdeep	196608:+aBqkSIIlY1iP9a5NcINcgjq3GdCnMK2rICJj:+rkSbY139coq3ZMHt
TLSH	T174662357F35FCE56E417253D2949D3324A337C2EADE5E30E308C7DA0C8766A91D80A9A
TrID	56.5% (.EXE) Win64 Executable (generic) (10522/11/4) 11.0% (.ICL) Windows Icons Library (generic) (2059/9) 10.9% (.EXE) OS/2 Executable (generic) (2029/13) 10.7% (.EXE) Generic Win/DOS Executable (2002/3) 10.7% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
dhash icon	cc8e333333338ecc (6 x SalatStealer, 3 x DCRat, 3 x SheetRAT)
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

682

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

BootstrapperNew.exe

Verdict:

Malicious activity

Analysis date:

2025-05-04 19:12:56 UTC

Tags:

loader arch-exec arch-scr arch-doc arch-html themida

Link:

https://app.any.run/tasks/a15a81ca-2a1b-4e56-be84-e31ffffc0b02

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.22729.138.UNOFFICIAL

Verdict:

Malicious

Score:

90.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=683275df44c3881e854d08a4

Tags:

adapter packed

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for the window

Creating a window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated packed packed packer_detected reconnaissance zero

Link:

https://www.filescan.io/uploads/6833de9f171e01f9592cf8d5/reports/9b2a2cef-fb51-4594-9878-3235abc6bedb/overview

Verdict:

Malicious

Labled as:

MSIL/MediaArena_AGeneric.F potentially unwanted application

Link:

https://www.hybrid-analysis.com/sample/5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/1c2ee2ba-09c5-4db1-9531-cc340038812f

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1698975

Signature

.NET source code contains potential unpacker

Antivirus detection for URL or domain

Multi AV Scanner detection for submitted file

Yara detected Costura Assembly Loader

Behaviour

Behavior Graph:

Download SVG

Score:

59%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f/

Threat name:

ByteCode-MSIL.Trojan.Generic

Status:

Suspicious

First seen:

2025-04-24 21:35:42 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

18 of 36 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lpggqycmjrfn23kzfycfkflaetss74ipt4dnvipvioyalv6cuu7q._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250526-dxkajsvsht/

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/09627583-6a73-4569-b770-aef9f6abca87

Unpacked files

SH256 hash:

5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f

MD5 hash:

1974506038c5934399de3c2f6c7544de

SHA1 hash:

2178c758de77c465014f96262caa4059ba7d996e

Detections:

INDICATOR_EXE_Packed_Fody

Link:

https://www.unpac.me/results/af9b85ae-3ad0-46a8-a316-a540dcbb62bc/

Parent samples :

f69011241df7a117e2d1e9c6c3dce12343fc25a6415fcb2581b9e9da22debc4e
5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f
a4ce98855ef63a066a638ef4e366bd09fa86a5afe3c9fddd06aa3526b429ca8a
596ff27b44adef1e930afcc123950b24e3c3fb37fc46a860f7ab9059c584f25c
adfe883f52bd263a45dbfa0e7b8c06d9cf16cc5688a233589fb53e1e19a5f6c8
90e4da6d22fab412d9b77d1733d09ba4063bcf83838400a62b9584f963272dee
b58f9a99f7199c607317bef835bb92605b4f9bc350aa3071ccac7fef2746ab20

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_EXE_Packed_Fody Create hunting rule
Author:	ditekSHen
Description:	Detects executables manipulated with Fody

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5bcc68604c4c4add6d592e0455156024e52ff10f9f06daa1f543b005d7c2a53f

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3530776/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high
CHECK_TRUST_INFO	Requires Elevated Execution (level:requireAdministrator)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample