MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa
SHA3-384 hash:	4d48656b42ac74fa4e0eeffec1fa091c3b3830798aee09e7bc022d42538fe7d9224490e3099a2b8bdc114dc56e92fa69
SHA1 hash:	093291d183249d6203f127706f112128b1e2e656
MD5 hash:	7b124ae536db5935de564c6bcc8db1b0
humanhash:	cup-yellow-harry-illinois
File name:	KhirBreaker.exe
Download:	download sample
File size:	2'316'288 bytes
First seen:	2026-03-16 13:20:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
ssdeep	24576:xgS+1mFpzI9SPVA5iaCGFltxYcxMNqLXIj5GEoSxqJNUTHLCPb6+fe:3TOUAAJOlrBxMQLXIj5GEFxBHLC
TLSH	T170B5F1A2F184C009D9991B748936CDB8127FBE69FD79C24F30987BAD7FB77820405A16
TrID	44.6% (.EXE) Win64 Executable (generic) (6522/11/2) 14.0% (.ICL) Windows Icons Library (generic) (2059/9) 13.8% (.EXE) OS/2 Executable (generic) (2029/13) 13.7% (.EXE) Generic Win/DOS Executable (2002/3) 13.6% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
Reporter	burger
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

135

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

Injection.exe

Verdict:

Malicious activity

Analysis date:

2026-03-16 13:23:00 UTC

Tags:

github auto-reg auto-startup phishing rust loader

Link:

https://app.any.run/tasks/d4ace0b9-c8b6-40cf-9818-d3467f76fc3d

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57649/

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b8044193b644ca466a9582

Tags:

virus

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Сreating synchronization primitives

Searching for synchronization primitives

Creating a file

DNS request

Connection attempt

Sending a custom TCP request

Sending an HTTP GET request

Creating a process from a recently created file

Gathering data

Verdict:

Malicious

Labled as:

Trojan/MSILZilla

Link:

https://www.hybrid-analysis.com/sample/73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

Verdict:

Clean

File Type:

exe x64

Link:

https://opentip.kaspersky.com/73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa/results?tab=lookup

Gathering data

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1884255

Signature

.NET source code contains potential unpacker

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Yara detected Costura Assembly Loader

Behaviour

Behavior Graph:

Download SVG

Score:

53%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa/

Verdict:

Susipicious

Link:

https://tip.neiki.dev/file/73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

Threat name:

Win64.Trojan.Generic

Status:

Suspicious

First seen:

2026-03-16 13:20:36 UTC

File Type:

PE+ (.Net Exe)

Extracted files:

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=om4auzw3yqjaiceuglc2itvyyrtppt4r2yeojl2hwscywmyxih5a._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/260316-qk8tlags9w/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Contacts third-party web service commonly abused for C2

Executes dropped EXE

Downloads MZ/PE file

Unpacked files

SH256 hash:

73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

MD5 hash:

7b124ae536db5935de564c6bcc8db1b0

SHA1 hash:

093291d183249d6203f127706f112128b1e2e656

Link:

https://www.unpac.me/results/636317cc-822e-42e4-a506-48f2a138762f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_EXE_Packed_Fody Create hunting rule
Author:	ditekSHen
Description:	Detects executables manipulated with Fody

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

RustyStealer

rar 84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f

exe 73380a66dbc41204089432c5a44eb8c466f7cf91d608e4af47b4858b331741fa

(this sample)

Cape

https://www.capesandbox.com/analysis/57649/

Dropped by

SHA256 84de426c5c053e05a1128ba21e5664ee759cc4bc4983a3972e669bc6dff3023f

Dropped by

MD5 3ec7f152d8675d758d8766a2356bf3a4

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample