MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 68d99f454aa359732aeab903997391820fc0245c126d86ec6117c7d444e2ae16. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 15

SHA256 hash: 68d99f454aa359732aeab903997391820fc0245c126d86ec6117c7d444e2ae16
SHA3-384 hash: 6995c2ad345c14119f8dd9174c10e55d5392f5028dd3741b6605ce4950c0d8b21da23ca2244e4e64a8c474b29235a7c8
SHA1 hash: dccf8ffe112865253fd752672a2626bb34c96aae
MD5 hash: a4af1b44f371e53cd243eca483f3111b
humanhash: oscar-march-ohio-lithium
File name: 68d99f454aa359732aeab903997391820fc0245c126d86ec6117c7d444e2ae16
Download: download sample
File size: 11'957'199 bytes
First seen: 2026-02-04 16:19:21 UTC
Last seen: 2026-02-04 17:20:53 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 29b61e5a552b3a9bc00953de1c93be41 (174 x Formbook, 82 x AgentTesla, 81 x Loki)
ssdeep: 196608:wDTEq55J2U61tNKjpY2mg53cLEF3d3nafyDIfKoI3xosyQXzjIAvB3LDeiXs:Enl2U61PK1Y2zb3aH1mjjIApPeiXs
TLSH: T152C63371CB8B4296DDBF4138CC3A111AF71DD6D5C16E3F9C76D0D6ABA2068E90B8D602
TrID:
  47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
  15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
  9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
  7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
  6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika: pebin
Reporter: Neiki
Tags: exe hackbrowserdata

Intelligence

File Origin
# of uploads: 2
# of downloads: 166
Origin country: DE
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: NullXFIVEM.exe
Verdict: Malicious activity
Analysis date: 2026-02-04 16:13:59 UTC
Tags: evasion discord exfiltration stealer ims-api generic confuser crypto-regex arch-doc

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 94.9%
Tags: shell sage remo
Verdict: Malicious
File Type: exe x32
First seen: 2025-12-30T12:42:00Z UTC
Last seen: 2025-12-31T19:42:00Z UTC
Hits: ~10
Detections: PDM:Trojan.Win32.Generic, Trojan-PSW.MSIL.BlitzedGrabber.sb, Trojan.Win64.Agent.sb, Trojan.Win32.Agent.sb, Trojan.MSIL.Evader.sb, HEUR:Trojan-PSW.Win64.BroPass.sb, Trojan-PSW.Win32.Greedy.sb, Trojan-PSW.Win32.Stealer.sb, Trojan-PSW.Win32.Greedy.jff, Trojan-PSW.Win32.Disco.sb, HEUR:Trojan-PSW.MSIL.Disco.gen, HEUR:Trojan.Win32.Generic, Trojan-PSW.Disco.HTTP.C&C, NetTool.DiscoGetMe.HTTP.C&C
Malware family: Devolutions inc.
Verdict: Suspicious
Verdict: inconclusive
YARA: 5 match(es)
Tags: Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name: Win32.Trojan.Tedy
Status: Malicious
First seen: 2025-12-30 18:00:43 UTC
File Type: PE (Exe)
Extracted files: 30
AV detection: 27 of 36 (75.00%)
Threat level: 5/5
Verdict: malicious
Label(s): stomidastealer
Malware family: hackbrowserdata
Score: 10/10
Tags: family:hackbrowserdata discovery infostealer installer persistence privilege_escalation spyware stealer upx
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Wi-Fi Discovery
ConfuserEx .NET packer
UPX packed file
Contacts third-party web service commonly abused for C2
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
An open-source browser data exporter written in Go.
HackBrowserData
Hackbrowserdata family
Unpacked files
Detections:
INDICATOR_EXE_Packed_ConfuserEx
Detections:
INDICATOR_SUSPICIOUS_EXE_DiscordURL
Malware family: BlitzedGrabber
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Detect_SliverFox_String
Author: huoji
Description: Detects files that are `SliverFox` malware
Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper drops malware through a base64-encoded PowerShell script.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments