MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 14

Intelligence 14 IOCs YARA 2 File information Comments

SHA256 hash:	5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006
SHA3-384 hash:	5d1c78f079ffde691ce29b217ae894912d01bf7b5032c79b0c7cbe21c18b6959b10b54fba31d6984d96276d94718ebba
SHA1 hash:	2f30678095614d82ee31ddf955db1b8ac2015ed8
MD5 hash:	265ce063dac51635faa44b83c891cadd
humanhash:	seven-dakota-magazine-utah
File name:	Internet Download Manager (IDM) v9.43 Build 25 + Patch (Lifetime Activation).exe
Download:	download sample
File size:	16'867'047 bytes
First seen:	2025-12-23 17:03:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f4639a0b3116c2cfc71144b88a929cfd (98 x GuLoader, 53 x Formbook, 39 x VIPKeylogger)
ssdeep	393216:DvJGJ08UGClIvBqbCS6p/+CBTnEOdMrqatTHNB2mNlW2wT:DvgFClIIt2TTn9daq3QlXwT
TLSH	T1E307330D6B91D813DFDEF3B4B262DD719AD406111F51A819AA6B1F7E3C3318382E2E91
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	aachum
Tags:	exe OffLoader

iamaachum

https://downloadtorrentfile.com/hash/4a0a82535cb3643fc16b71be92a6f5246824515d?name=Internet%20Download%20Manager%20%28IDM%29%20v9.43%20Build%2025%20%2b%20Patch%20%28Lifetime%20Activation%29

OffLoader C2:
accountwhistle.info
quarteranimal.xyz

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

NSIS

Details

NSIS

extracted archive contents

Link:

https://research.acce.ciphertechsolutions.com/results/7fa28311-8a2f-476f-bb1e-31682d102099/

Malware family:

n/a

ID:

File name:

Internet Download Manager (IDM) v9.43 Build 25 + Patch (Lifetime Activation).exe

Verdict:

Suspicious activity

Analysis date:

2025-12-23 17:04:49 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/70138411-da6a-45c9-9a6d-62a324fc3ffd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45886/

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694acbdb01c7b4a8fe551f0a

Tags:

nsis hype

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug blackhole installer installer installer-heuristic microsoft_visual_cc nsis overlay

Link:

https://www.filescan.io/uploads/694acb8ae126b9ff438ea890/reports/68d017ac-6564-482c-97df-0e79b66eb270/overview

Verdict:

Malicious

Labled as:

TR/Dropper.Generic

Link:

https://www.hybrid-analysis.com/sample/5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-12-23T08:03:00Z UTC

Last seen:

2025-12-24T13:36:00Z UTC

Hits:

~100

Detections:

BSS:Trojan.Win32.Generic Trojan-PSW.Win32.Lumma.sb HEUR:Trojan-Proxy.Win64.Microleaves.gen HEUR:Trojan-Downloader.OLE2.Agent.gen Trojan-Downloader.OffLoader.HTTP.C&C BSS:Trojan.Win32.Truebadur.a HEUR:Trojan-Downloader.Win32.OffLoader.gen Downloader.Agent.HTTP.C&C not-a-virus:HEUR:AdWare.Win32.AdUpdater.gen not-a-virus:HEUR:Downloader.Win32.TorrLoad.gen

Link:

https://opentip.kaspersky.com/5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/449dfbdc-7f5e-40fa-9bbf-e0795148d9db

Result

Threat name:

n/a

Detection:

malicious

Classification:

troj

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1838326

Signature

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Performs DNS queries to domains with low reputation

Behaviour

Behavior Graph:

Download SVG

Score:

89%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/265ce063dac51635faa44b83c891cadd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006/

Verdict:

Malicious

Threat:

Trojan-PSW.Win32.Lumma

Link:

https://tip.neiki.dev/file/5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006

Threat name:

Win32.Trojan.OffLoader

Status:

Malicious

First seen:

2025-12-23 17:04:15 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=l776yh2ibcnuvdkbcdzhw6643xzlolm6m2wl37uxwefoi6zmoada._file

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery

Link:

https://tria.ge/reports/251223-vla16sxlgt/

Behaviour

Enumerates physical storage devices

System Location Discovery: System Language Discovery

System Time Discovery

Loads dropped DLL

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/97d22838-3dd2-4e9a-9a9b-60ee3806f2a7

Unpacked files

SH256 hash:

5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006

MD5 hash:

265ce063dac51635faa44b83c891cadd

SHA1 hash:

2f30678095614d82ee31ddf955db1b8ac2015ed8

Link:

https://www.unpac.me/results/fa475303-9db7-48c3-a77d-f46329845cfa/

SH256 hash:

4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed

MD5 hash:

1d8f01a83ddd259bc339902c1d33c8f1

SHA1 hash:

9f7806af462c94c39e2ec6cc9c7ad05c44eba04e

Link:

https://www.unpac.me/results/fa475303-9db7-48c3-a77d-f46329845cfa/

SH256 hash:

9111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706

MD5 hash:

4add245d4ba34b04f213409bfe504c07

SHA1 hash:

ef756d6581d70e87d58cc4982e3f4d18e0ea5b09

Link:

https://www.unpac.me/results/fa475303-9db7-48c3-a77d-f46329845cfa/

SH256 hash:

85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

MD5 hash:

40d7eca32b2f4d29db98715dd45bfac5

SHA1 hash:

124df3f617f562e46095776454e1c0c7bb791cc7

Link:

https://www.unpac.me/results/fa475303-9db7-48c3-a77d-f46329845cfa/

Malware family:

Lumma

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/5fffec1f4808/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Detect_NSIS_Nullsoft_Installer Create hunting rule
Author:	Obscurity Labs LLC
Description:	Detects NSIS installers by .ndata section + NSIS header string

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 5fffec1f48089b4a8d4110f27b7bdcddf2b72d9e66acbdfe97b10ae47b2c7006

(this sample)

Link

https://tria.ge/251223-t6sahswrhy/behavioral2

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/45886/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample