MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6
SHA3-384 hash:	79bc8dc920d0f8b78362b4f9d3439a04ff4af6749842872f9edc00bde189abf44ff63567f669258d54d06aed173c0e88
SHA1 hash:	783922d7b883e0db11d8517a7fb102dd7f97b635
MD5 hash:	c9dc59e8d8bba459569bc9cc1c41b694
humanhash:	india-may-may-neptune
File name:	file
Download:	download sample
File size:	5'921'296 bytes
First seen:	2025-10-15 04:03:46 UTC
Last seen:	2025-10-15 05:17:15 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4731058a4b27f6e0370bd34b0b3652f0
ssdeep	98304:jy7vvA9aGCvw75lA2IoFjO4NEGL+6TiIQ9ydEZrn+98bs0dzTyy4JWrfirq9fAz:jyLPGg2vjjEL6mN9ydEZTKAt54JWrfij
TLSH	T1A15633679963BBB7F08B3CF00D66452654D6165D5EEC40BC35805220EF24AEFB7291F8
TrID	27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 20.8% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.6% (.EXE) Win32 Executable (generic) (4504/4/1) 8.5% (.ICL) Windows Icons Library (generic) (2059/9) 8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-amadey exe

Bitsight

url: http://178.16.55.189/files/5983277008/90002KI.exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

_7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6.exe

Verdict:

No threats detected

Analysis date:

2025-10-15 04:08:31 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/f48a725a-56d0-497d-a11a-422b151259d4

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/32856/

Detection(s):

no reply from clamd

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68ef1d5b04e22ce9acda40a9

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Searching for analyzing tools

Searching for the window

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

anti-vm microsoft_visual_cc obfuscated obfuscated packed packed packer_detected themidawinlicense

Link:

https://www.filescan.io/uploads/68ef1dc871883144ef37cdff/reports/19fdd3f7-2b03-4b70-8e79-f851c28df95f/overview

Verdict:

Malicious

Labled as:

Mint.Zard.Generic

Link:

https://www.hybrid-analysis.com/sample/7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-10-14T22:52:00Z UTC

Last seen:

2025-10-15T10:14:00Z UTC

Hits:

~10

Detections:

UDS:DangerousObject.Multi.Generic

Link:

https://opentip.kaspersky.com/7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/c24e0bd1-d871-43b7-b0a4-8bd979d3d603

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/c9dc59e8d8bba459569bc9cc1c41b694

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6/

Verdict:

Malicious

Threat:

DangerousObject.Multi

Link:

https://tip.neiki.dev/file/7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6

Threat name:

Win32.Malware.Heuristic

Status:

Malicious

First seen:

2025-10-15 01:17:30 UTC

File Type:

PE (Exe)

AV detection:

20 of 24 (83.33%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=o6edrezfyjejqlys7bp3k7lcw7z3oaxipla6g4ofkrfg464cmk3a._file

Result

Malware family:

n/a

Score:

9/10

Tags:

defense_evasion discovery themida trojan

Link:

https://tria.ge/reports/251015-en91aagm7t/

Behaviour

Suspicious behavior: EnumeratesProcesses

System Location Discovery: System Language Discovery

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks whether UAC is enabled

Checks BIOS information in registry

Themida packer

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Verdict:

Unknown

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/9e3ac5a4-096c-4304-ab88-614b666fc0aa

Unpacked files

SH256 hash:

7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6

MD5 hash:

c9dc59e8d8bba459569bc9cc1c41b694

SHA1 hash:

783922d7b883e0db11d8517a7fb102dd7f97b635

Link:

https://www.unpac.me/results/4e03e64d-2179-4831-b99e-4a9a6c038e8f/

SH256 hash:

0e180e064a7b29b7dc8fb5edc6ffb5745285c642d2db9139b9d42df96fc499db

MD5 hash:

7cf55b9246f425267e84db1405e22c72

SHA1 hash:

fce52593d5aa3b5da6ca2bcd5f3755129895a9a7

Detections:

INDICATOR_EXE_Packed_Themida

Link:

https://www.unpac.me/results/4e03e64d-2179-4831-b99e-4a9a6c038e8f/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	INDICATOR_EXE_Packed_Themida Create hunting rule
Author:	ditekSHen
Description:	Detects executables packed with Themida

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	vmdetect Create hunting rule
Author:	nex
Description:	Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 7788389325c248982f12f85fb57d62b7f3b702e87ac1e371c5544a6e7b8262b6

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/32856/

URLhaus

https://urlhaus.abuse.ch/url/3678487/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample