MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 62d914e7943ab86399586ab99ce408e025117d4995f026e4ba40eb3791baaec3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 62d914e7943ab86399586ab99ce408e025117d4995f026e4ba40eb3791baaec3
SHA3-384 hash: e52e25ac74261187c240d334959e3ab336ce6bed621371339b371653337cce476a5626140538193745387a673cec6fec
SHA1 hash: 25ef032d95f2f598c99cecdde9bc5e4264c2610f
MD5 hash: 9e2efe1784907d64b021f8c13f1839c7
humanhash: eleven-mango-oregon-hydrogen
File name:CrimsonLoader.exe
Download: download sample
File size:90'418'176 bytes
First seen:2025-12-20 22:04:30 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:iAZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:iAZui3zQz2jOZKft
TLSH T139187D03B3A705D5E8F7DA3196E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter burger
Tags:exe stealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
2'324
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/3976e5a5-96d1-4c35-987d-2769ef9f7917/
Malware family:
n/a
ID:
1
File name:
CrimsonLoader.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-20 22:03:41 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/21a85e30-d4ae-44ee-9380-91b47cde0005

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69471d4aee899ae4567f34d2
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug crypto fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69471da45ceddcfa3ff63a73/reports/aa530bf7-cb20-4611-ac64-46a483427c45/overview
Verdict:
Malicious
Labled as:
Malware/Generic
Link:
https://www.hybrid-analysis.com/sample/62d914e7943ab86399586ab99ce408e025117d4995f026e4ba40eb3791baaec3
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-20T19:14:00Z UTC
Last seen:
2025-12-21T09:24:00Z UTC
Hits:
~1000
Detections:
Trojan-PSW.Win32.Coins.sb Trojan-PSW.MSIL.Stealer.sb Trojan.Win64.Agent.sb Trojan.Win32.Inject.sb Trojan.Win32.Inject.aqvrn RiskTool.BitCoinMiner.TCP.C&C
Link:
https://opentip.kaspersky.com/62d914e7943ab86399586ab99ce408e025117d4995f026e4ba40eb3791baaec3/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1836853
Signature
Joe Sandbox ML detected suspicious sample
Sigma detected: Potential WinAPI Calls Via CommandLine
Suspicious powershell command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1836853 Sample: CrimsonLoader.exe Startdate: 20/12/2025 Architecture: WINDOWS Score: 52 22 Joe Sandbox ML detected suspicious sample 2->22 24 Sigma detected: Potential WinAPI Calls Via CommandLine 2->24 8 CrimsonLoader.exe 1 2->8         started        process3 signatures4 26 Suspicious powershell command line found 8->26 11 CrimsonLoader.exe 8->11         started        14 conhost.exe 8->14         started        process5 signatures6 28 Suspicious powershell command line found 11->28 16 tasklist.exe 1 11->16         started        18 powershell.exe 4 11->18         started        process7 process8 20 conhost.exe 16->20         started       
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/62d914e7943ab86399586ab99ce408e025117d4995f026e4ba40eb3791baaec3
Gathering data
Verdict:
Malicious
Threat:
Trojan.Win32.Inject
Link:
https://tip.neiki.dev/file/62d914e7943ab86399586ab99ce408e025117d4995f026e4ba40eb3791baaec3
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mlmrjz4uhk4ghgkynk4zzzai4asrc7kjsxycnzf2idvtpen2v3bq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/251223-nw5vzawmgt/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ffd1b8a8-24ef-47da-988e-a9a967d5125c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments