MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e
SHA3-384 hash:	416659f1e80e25be137ff74172efa0d3aa67a5c4c66e6506ade26cad92283a83e8c6a371d234d2afbfa139d44942b5b8
SHA1 hash:	6f2ac8752b13926875ee8c2769578fd62bef1142
MD5 hash:	55c2721acad39688475a6b5baa50597d
humanhash:	quiet-triple-tennis-beer
File name:	5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e
Download:	download sample
File size:	81'314'885 bytes
First seen:	2026-03-01 09:06:31 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	957d237db44af201299a1e8ffc6df035
ssdeep	786432:6B5zM31we2iBrxDvIEMwHVCgPiTviURVJVWV1CVuWwoz3faN+BRWYF3eKYpiW1QB:6rA1wejHt2iURVJVK1CxPyqOBpiBnV4I
TLSH	T17308E00663E116AAD577D2388AAB6503EB73B4071330C7EB329C43652F63AE45D7E760
TrID	38.2% (.EXE) Win64 Executable (generic) (6522/11/2) 26.4% (.EXE) Win32 Executable (generic) (4504/4/1) 11.8% (.EXE) OS/2 Executable (generic) (2029/13) 11.7% (.EXE) Generic Win/DOS Executable (2002/3) 11.7% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
dhash icon	f89efcf8f971f2e0 (10 x NodeLoader, 9 x FixStealer, 6 x Amadey)
Reporter	JAMESWT_WT
Tags:	exe kurdishmyth MythJs

Intelligence

File Origin

# of uploads :

# of downloads :

136

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/87cac59e-96e0-4c28-8e68-ef2a63ceb8a3/

Malware family:

n/a

ID:

File name:

5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e

Verdict:

Malicious activity

Analysis date:

2026-03-01 09:09:14 UTC

Tags:

nodejs anti-evasion discord stealer ims-api generic susp-powershell

Link:

https://app.any.run/tasks/fb36d841-1220-4320-9182-a34dde103017

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a402598fffa866e3b39869

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

expand lolbin microsoft_visual_cc overlay packed pkg

Link:

https://www.filescan.io/uploads/69a401cc10e80629d4f731a2/reports/437e7e01-9984-4bf1-9d35-fca64230ca1a/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e

Verdict:

Malicious

File Type:

exe x64

Detections:

Trojan.Win64.Agent.smfplx

Link:

https://opentip.kaspersky.com/5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e/results?tab=lookup

Score:

89%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e

Gathering data

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/5f8777c61e44b83c2248277d46de01485a9810f923ff7c5775349f1fe288a61e

Threat name:

Win64.Trojan.Redirector

Status:

Malicious

First seen:

2026-02-22 19:28:06 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=l6dxprq6is4dyisie56unxqbjbnjqehzep7xyv3vgspr7yuiuypa._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion execution spyware stealer

Link:

https://tria.ge/reports/260301-k3hggagz8a/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Kills process with taskkill

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Contacts third-party web service commonly abused for C2

Checks BIOS information in registry

Loads dropped DLL

Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample