MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928
SHA3-384 hash: d451853783c449cc9b304235d3798ed68d012e3824d0d51494ee41936575a7fc09ec3e925f50605e3612d4e720e621eb
SHA1 hash: fb12fb330ebf45e6b0c245f6a772c74ccf654333
MD5 hash: e815097024bc7e15b9b8aea38c4da9bf
humanhash: don-gee-green-oven
File name:Loader.exe
Download: download sample
File size:89'345'536 bytes
First seen:2026-03-05 18:53:25 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 359e649ab913e838011b9d61180c7f7f (1 x MicroStealer)
ssdeep 786432:efgXTwWcQDgFFo5+6eYJL7b9VpgPVlcm6:6GTwUDgFFoB7bm
TLSH T173187D03B3A705D5E8FBDA7196E652136932BC066F3095DF324C07262F73AE05A76B21
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
dhash icon 2896969606a6dec8 (1 x MicroStealer)
Reporter abuse_ch
Tags:de-pumped exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
2'304
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
Loader.exe
Verdict:
No threats detected
Analysis date:
2026-03-05 18:54:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/697b681f-d471-4620-b9d8-ec613beec9e7

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a9d17de1f958bf6683fdab
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug crypto fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69a9d16410e80629d4fdf1fc/reports/e07b8fef-94b7-49bb-8ff4-e6a774d5a065/overview
Verdict:
Malicious
Labled as:
JS/Agent_AGeneric.O trojan
Link:
https://www.hybrid-analysis.com/sample/635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928
Verdict:
Unknown
File Type:
exe x64
Link:
https://opentip.kaspersky.com/635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1879188
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-05 18:54:49 UTC
File Type:
PE+ (Exe)
Extracted files:
18
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mno6qpy5rigen2uemmmzz7d4ljxet2rlygfomhmlhzjclwyrreua._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260305-xkfw5sft9k/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

MythStealer

rar df1a763ffa0ff40e18d51cf698b86c230f7a746a9a6193532607b8374c64636c

Executable exe 635de83f1d8a0c46ea8463199cfc7c5a6e49ea2bc18ae61d8b3e5225db118928

(this sample)

  
Dropped by
MD5 85187d040a4236df6d25bd2c1fcd627a
  
Dropped by
SHA256 df1a763ffa0ff40e18d51cf698b86c230f7a746a9a6193532607b8374c64636c

Comments