MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


AdaptixC2


Vendor detections: 17


Intelligence 17 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
SHA3-384 hash: 103f2f53ed9616d4dcb1940660ff6f2b196fdde93e7e7ff89317c302b67143b3a8ed1ea5cca46b3d0b1ed686453930c3
SHA1 hash: 364b584f20ad33e5614da560cef901c4a9631e3c
MD5 hash: 5a4a549a504360bc21c60079fa2a2f60
humanhash: tennessee-nineteen-indigo-fifteen
File name:native.exe
Download: download sample
Signature AdaptixC2
Create hunting rule
File size:1'162'752 bytes
First seen:2026-03-31 12:04:05 UTC
Last seen:2026-04-01 10:55:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a9c887a4f18a3fede2cc29ceea138ed3 (36 x CoinMiner, 19 x AsyncRAT, 18 x QuasarRAT)
ssdeep 24576:OkrLKH6AmZsd7EJ5dA/uFjF5kOjkPd/mGi:ZxpZsiJ5dCq6jPpmG
Threatray 176 similar samples on MalwareBazaar
TLSH T1AB350223F2502D7EFBC2A53FD252AB9E093BCFFA9442C7767A14E5A9A414C054D213E4
TrID 33.4% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
13.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
13.2% (.EXE) Win64 Executable (generic) (6522/11/2)
10.2% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.1% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter JAMESWT_WT
Tags:83-142-209-11 AdaptixC2 checkmarx-zone dropped-from-AdaptixC2 exe fflexus-45433-portmap-host github-com--ashduasdoasdoasd teampcp

Intelligence

File Origin
# of uploads :
4
# of downloads :
104
Origin country :
IT IT
Vendor Threat Intelligence
Gathering data
Malware family:
n/a
ID:
1
File name:
native.exe
Verdict:
Malicious activity
Analysis date:
2026-03-30 14:14:35 UTC
Tags:
auto-reg crypto-regex pulsar rat
Link:
https://app.any.run/tasks/879eae1b-86e3-474c-9757-3ec19c6bafb5

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/59881/
Detection(s):
SecuriteInfo.com.BackDoor.BladabindiNET.30.26038.16397.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ca854a3a18a6e1ddefc5d0
Tags:
vmdetect autorun agentb
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% directory
Creating a process from a recently created file
Creating a process with a hidden window
Creating a window
Сreating synchronization primitives
Launching a process
DNS request
Unauthorized injection to a recently created process
Query of malicious DNS domain
Enabling autorun by creating a file
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
packed
Link:
https://www.filescan.io/uploads/69cbb83fe2df9aa488bfce7b/reports/51160a20-6d5d-4df8-88d3-68f541973c56/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-03-30T11:19:00Z UTC
Last seen:
2026-04-01T01:27:00Z UTC
Hits:
~100
Detections:
Backdoor.MSIL.PulsarRAT.sb Trojan-PSW.MSIL.Agent.sb Trojan.Win32.Inject.sb Trojan.MSIL.Agent.sb HEUR:Trojan-Banker.MSIL.ClipBanker.gen HEUR:Trojan.Win32.Agentb.gen HEUR:Trojan.MSIL.Convagent.gen PDM:Trojan.Win32.Generic HEUR:Trojan.Win32.Generic Backdoor.Win64.AdaptixC2.sb VHO:Trojan-Downloader.MSIL.ShortLoader.gen
Link:
https://opentip.kaspersky.com/7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88/results?tab=lookup
Malware family:
AdaptixC2
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/4310a535-dabc-4d09-a186-e9bfa5f92490
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/5a4a549a504360bc21c60079fa2a2f60
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88/
Verdict:
Malicious
Threat:
Family.PULSAR
Link:
https://tip.neiki.dev/file/7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
Threat name:
Win32.Dropper.Dapato
Create hunting rule
Status:
Malicious
First seen:
2026-03-30 14:14:39 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
32 of 36 (88.89%)
Threat level:
  3/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ogjprxaboox4chxhhp5bmflay4jkhmtk74imqku4d3bxdfuq7wea._file
Verdict:
malicious
Label(s):
adaptixc2
Create hunting rule
quasarrat
Create hunting rule
Similar samples:
3c122a88359e5c0f3dd2a6e41d6472f54d1620a5c5364da994e6ca8c0fa9432b
AdaptixC2
7bd313add125c26c87e12f2c32c36b1a6c69f9c12e9158bb8f2db2865aab9c08
AdaptixC2
ced4cf149946549676495a9bf47b97225ec9f69243439ab2531729f1e9586381
AdaptixC2
de4a52117da22ace7c927b2355a20af7091fb0461828daff9fd1eae90df7adde
AdaptixC2
+ 166 additional samples on MalwareBazaar
Result
Malware family:
quasar
Create hunting rule
Score:
  10/10
Tags:
family:quasar discovery execution persistence spyware trojan
Link:
https://tria.ge/reports/260331-n8qa2scx4v/
Behaviour
Scheduled Task/Job: Scheduled Task
Suspicious behavior: AddClipboardFormatListener
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Checks computer location settings
Executes dropped EXE
Quasar RAT
Quasar family
Quasar payload
Unpacked files
SH256 hash:
7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
MD5 hash:
5a4a549a504360bc21c60079fa2a2f60
SHA1 hash:
364b584f20ad33e5614da560cef901c4a9631e3c
Link:
https://www.unpac.me/results/c1f8d994-6bc5-4ac1-9ec6-416d8586f796/
SH256 hash:
7bd313add125c26c87e12f2c32c36b1a6c69f9c12e9158bb8f2db2865aab9c08
MD5 hash:
82199d6679aeec51cebde9dc55db2303
SHA1 hash:
81f9fdba0682f4f08f409f89f7300397f3d2bce3
Detections:
QuasarRAT
Create hunting rule
cn_utf8_windows_terminal
Create hunting rule
malware_windows_xrat_quasarrat
Create hunting rule
MAL_BackNet_Nov18_1
Create hunting rule
INDICATOR_EXE_Packed_Fody
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_SandboxHookingDLL
Create hunting rule
INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA
Create hunting rule
Link:
https://www.unpac.me/results/c1f8d994-6bc5-4ac1-9ec6-416d8586f796/
Parent samples :
7bd313add125c26c87e12f2c32c36b1a6c69f9c12e9158bb8f2db2865aab9c08
7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
SH256 hash:
2f810da956fed7faf74c8ce2cf65638ccdaa92b282dc7492592d7aedce280c44
MD5 hash:
0020b06dc2018cc2b5bf98945a39cbd3
SHA1 hash:
71ad34cd9f4f3ee2328ca1c7a64a576499208f43
Detections:
SUSP_NET_Large_Static_Array_In_Small_File_Jan24
Create hunting rule
HKTL_NET_GUID_Quasar
Create hunting rule
Link:
https://www.unpac.me/results/c1f8d994-6bc5-4ac1-9ec6-416d8586f796/
Parent samples :
506a965b3ff38511a183d9c2fb9a404e54e211ab42acf9293696bcb142bbd3e3
696352b6b7c282736cb240651682b07a5feaa68ac065e9128f946779db00b02b
c57c030654ed282e9a79d9e94d4c75def4c66333e39dae059580e68ab1bdad94
7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88
2f810da956fed7faf74c8ce2cf65638ccdaa92b282dc7492592d7aedce280c44
Malware family:
QuasarRAT
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/7192f8dc0173/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:Windows_Trojan_Adaptix_b2cda978
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

AdaptixC2

Executable exe 7192f8dc0173afc11ee73bfa161560c712a3b26aff10c82a9c1ec3719690fd88

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/59881/
  
URLhaus
https://urlhaus.abuse.ch/url/3809159/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3809158/

Comments