MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 69c6abe301d9900e6be8dd48d08cb58bfe477b3235828a8fd5dd3d974e43101e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 69c6abe301d9900e6be8dd48d08cb58bfe477b3235828a8fd5dd3d974e43101e
SHA3-384 hash: 8529c69609c3e18d3a45e786b090c8622b4ceb8f10134d38371964733ad14b346cab113037eb9e1b195b2c8e71139680
SHA1 hash: 260f01e90473ccfdf9316cee2628b4382f991e60
MD5 hash: 42ed473e6f79db40f0c5876b5ceb1c8b
humanhash: october-lactose-fanta-october
File name:Google AI Browser v2.4.7.msi
Download: download sample
File size:93'035'008 bytes
First seen:2025-03-12 22:55:52 UTC
Last seen:2025-03-12 23:45:27 UTC
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 1572864:iKiOcV+S8QOW/G9je++1r0Sd+c+G4xhflKKq65/uOe1LW9Q05LR8JmKulyVrzwXW:chV+z+WeJ1ZdFxAzKj6KMQ0FeJmlUVvM
Threatray 2 similar samples on MalwareBazaar
TLSH T16F183330B1677999D62F67BFE0A45FC84031BDE1B31B966B23787FA585B168720B1803
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter GDHJDSYDH1
Tags:backdoor FakeApp FakeChrome msi ShellCodeRunner Winos4.0

Intelligence

File Origin
# of uploads :
2
# of downloads :
148
Origin country :
US US
Vendor Threat Intelligence
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d22398dff6bd921908aa02
Tags:
virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context cmd crypto fingerprint lolbin redcap remote wix
Link:
https://www.filescan.io/uploads/67d211133c5f644bd95043e5/reports/b79f425e-04b3-4dbf-9e14-6ee0bdf7c98a/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/69c6abe301d9900e6be8dd48d08cb58bfe477b3235828a8fd5dd3d974e43101e
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/69c6abe301d9900e6be8dd48d08cb58bfe477b3235828a8fd5dd3d974e43101e
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1636610
Behaviour
Behavior Graph:
n/a
Score:
1%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/69c6abe301d9900e6be8dd48d08cb58bfe477b3235828a8fd5dd3d974e43101e
Gathering data
Threat name:
Win64.Adware.RedCap
Create hunting rule
Status:
Malicious
First seen:
2025-03-12 19:18:40 UTC
File Type:
Binary (Archive)
Extracted files:
1537
AV detection:
10 of 38 (26.32%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nhdkxyyb3gia427i3venbdfvrp7eo6zsgwbivd6v3u6zotsdcapa._file
Verdict:
malicious
Label(s):
donut_injector
Create hunting rule
Similar samples:
8cea17eff24495134a3e6389071ed05d067057fff645ed688af65209cd913890
error
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery
Link:
https://tria.ge/reports/250312-2wr6rswtds/
Behaviour
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Loads dropped DLL
Enumerates connected drives
Verdict:
Malicious
Tags:
Win.Ransomware.Protected-9838686-0
YARA:
n/a
Link:
https://app.threat.zone/submission/5e22b9a0-7b77-4681-89bc-5b761d13d3d8
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi 69c6abe301d9900e6be8dd48d08cb58bfe477b3235828a8fd5dd3d974e43101e

(this sample)

  
Link
https://tria.ge/250312-2ka34sxjz9
  
Delivery method
Distributed via web download

Comments