MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Fuery

Vendor detections: 12

Intelligence 12 IOCs YARA 16 File information Comments

SHA256 hash:	6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63
SHA3-384 hash:	08133f5204b36ae387466addd60656345a871bb206a036a2c9fecd94b5fb049d9cf68616977fa2481d1516e727842ea8
SHA1 hash:	8fc9e0c6e8a0e4193d6369fb5563540b2dee2a57
MD5 hash:	cf7c00f102d4c6950a9896a6ee7162bb
humanhash:	cola-sad-august-beer
File name:	b1JNsvy.exe
Download:	download sample
Signature	Fuery Create hunting rule
File size:	1'826'304 bytes
First seen:	2026-03-11 07:51:37 UTC
Last seen:	2026-03-12 17:31:46 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	5af915f278815e76bad476ef32593028 (2 x AmateraStealer, 2 x ACRStealer, 2 x Fuery)
ssdeep	24576:NGb+1l97xc6Ht5DecD+HcLxBZllWAFhOhgjgcdEPTlpepyFD:NnFp9xV3gcdaTlpsy
Threatray	13 similar samples on MalwareBazaar
TLSH	T1F5854901FEC744B5E906273269EB22EF2374A8090F369B97DA407A7DF9776D60932305
TrID	50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 10.5% (.EXE) Win64 Executable (generic) (6522/11/2) 8.1% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	abuse_ch
Tags:	exe Fuery

Intelligence

File Origin

# of uploads :

# of downloads :

128

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

vidar

ID:

File name:

_68b2ba043b5c693aca54c6ee5a41009732676ca07a4ff2c4c33e1c681b795833.exe

Verdict:

Malicious activity

Analysis date:

2026-03-11 07:15:58 UTC

Tags:

gcleaner loader stealer stealc vidar evasion anti-evasion autoit trojan auto-startup xor-url generic auto-reg golang sainbox rat rust inno installer delphi botnet kamasers udados

Link:

https://app.any.run/tasks/49979b3a-5786-4e06-8ce2-c8e20a2ed21c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57021/

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b11f35e41a5a09993204a7

Tags:

n/a

Gathering data

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63

Verdict:

Malicious

File Type:

exe x32

Detections:

Backdoor.Win32.Agima.a Backdoor.Win32.Agima.sb Backdoor.Win32.Agima.bp Backdoor.Win32.Agima.b

Link:

https://opentip.kaspersky.com/6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/f485ceeb-9ac0-4591-87da-7e2c6895ac48

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/cf7c00f102d4c6950a9896a6ee7162bb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63/

Verdict:

Malicious

Threat:

Family.FUERY

Link:

https://tip.neiki.dev/file/6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2026-03-11 07:52:22 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

27 of 38 (71.05%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nklbv5hdkseakucx7mmzkvnqfmjv7any5src2g2qbujqksvk3nrq._file

Verdict:

malicious

Label(s):

cryptinfinite

Fuery

6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63

Fuery

a01ef6d6015536fad1fbeb22c0c170c479265de002f5df06c0b7cfa9996673a8

Fuery

c2475b4b179267d3dd7f9c54d9e9f39b21109baa2c5d7e5acdc5e49d11bb1e95

Fuery

c32e3e9204f8a8f77376f5800785b95f3a6a5521b205b759376dc7eb4664dd64

Fuery

error

Fuery

+ 3 additional samples on MalwareBazaar

Result

Malware family:

fuery

Score:

10/10

Tags:

family:fuery discovery persistence trojan

Link:

https://tria.ge/reports/260311-jqh2ssa14r/

Behaviour

System Location Discovery: System Language Discovery

Adds Run key to start application

Fuery

Fuery family

Malware Config

C2 Extraction:

http://let.mebeyourfriend.digital/
http://if.youwannabemylover.life/
http://make.mydaymakemyday.info/
http://iahfi.visbxskagt.com/
http://laf.oahgsfwklg.top/
http://smachrie1.weinerbuyout.top/
http://sackless2.backspacersasine.sbs/
http://recondole3.compositesclosetful.xyz/
http://dietaries4.permeatedicelanders.today/
http://epanadiplosis5.misdateswampanoag.cyou/
http://invoke6.escrimesesquipedal.digital/
http://bordrage7.kafkaesquebozo.info/
http://stacher8.disequilibrationaproctous.top/
http://scoliidae9.

Unpacked files

SH256 hash:

6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63

MD5 hash:

cf7c00f102d4c6950a9896a6ee7162bb

SHA1 hash:

8fc9e0c6e8a0e4193d6369fb5563540b2dee2a57

Link:

https://www.unpac.me/results/a6f28b7b-5b9c-44fb-9a1d-5449ca55f737/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.34

Link:

https://yomi.yoroi.company/submissions/6a961af4e35488055057fb199555b02b135f81b8eca22d1b500d13054aaadb63

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	command_and_control Create hunting rule
Author:	CD_R0M_
Description:	This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectGoMethodSignatures Create hunting rule
Author:	Wyatt Tauber
Description:	Detects Go method signatures in unpacked Go binaries

Rule name:	GoBinTest Create hunting rule

Rule name:	golang Create hunting rule

Rule name:	Golangmalware Create hunting rule
Author:	Dhanunjaya
Description:	Malware in Golang

Rule name:	golang_binary_string Create hunting rule
Description:	Golang strings present

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	Golang_Find_CSC846 Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	Golang_Find_CSC846_Simple Create hunting rule
Author:	Ashar Siddiqui
Description:	Find Go Signatuers

Rule name:	HiveRansomware Create hunting rule
Author:	Dhanunjaya
Description:	Yara Rule To Detect Hive V4 Ransomware

Rule name:	ProgramLanguage_Golang Create hunting rule
Author:	albertzsigovits
Description:	Application written in Golang programming language

Rule name:	SEH__vectored Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Suspicious_Golang_Binary Create hunting rule
Author:	Tim Machac
Description:	Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)