MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


OffLoader


Vendor detections: 11


Intelligence 11 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303
SHA3-384 hash: 4be3b863450b65a57537058c2399f1556928e145cd611c15bbe4ec3c130e9ad61e39e39a200781005b4093c980851d3b
SHA1 hash: 933d4d0b3332dbc8985ac0c855f5767de06a84c2
MD5 hash: a6dc9ecd7fd81a464a1ab3368c77634a
humanhash: uncle-solar-bakerloo-august
File name:crack.exe
Download: download sample
Signature OffLoader
Create hunting rule
File size:2'097'150 bytes
First seen:2025-12-23 19:34:36 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9dda1a1d1f8a1d13ae0297b47046b26e (64 x Formbook, 40 x GuLoader, 25 x RemcosRAT)
ssdeep 49152:u+Z3yWklaOI6ndkqG0rJhQInBdJZVba7M2GB4CQaF:uhQO7nVGEJhhBaIndF
TLSH T152A533839B40767BEE7B07FA06768B2269ADD45640B85F43178022CCFD1D442DCBA9E7
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
Reporter aachum
Tags:exe OffLoader


Avatar
iamaachum
https://downloadtorrentfile.com/hash/6c9167e46d66ba08806d7c61a2294684167e1053?name=DiskGenius%20Professional%20v6.0.1.1645%20%2b%20Crack%20%282025%29%20%28New%29

OffLoader C2:
airplanemove.info
producesound.xyz

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
FR FR
Vendor Threat Intelligence
Malware configuration found for:
NSIS
Details
NSIS
extracted archive contents
Link:
https://research.acce.ciphertechsolutions.com/results/575ecfe3-99b1-451f-8cdf-3a072fc984b0/
Malware family:
n/a
ID:
1
File name:
crack.exe
Verdict:
No threats detected
Analysis date:
2025-12-23 19:37:20 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/5ee326a8-9665-49b5-9262-3ceedd5597f1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/45929/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=694aeefc038f10550b5527cb
Tags:
injection
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug blackhole installer installer installer-heuristic microsoft_visual_cc nsis overlay
Link:
https://www.filescan.io/uploads/694aeef9e126b9ff438ed9d8/reports/714dfb28-45b2-4dcf-a416-e7cce2899c8d/overview
Verdict:
Malicious
Labled as:
Downloader.OffLoader
Link:
https://www.hybrid-analysis.com/sample/77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-07-04T09:31:00Z UTC
Last seen:
2025-09-19T20:39:00Z UTC
Hits:
~100
Detections:
HEUR:Trojan-Downloader.OLE2.Agent.gen Trojan-Downloader.OffLoader.HTTP.C&C Trojan-Downloader.Agent.HTTP.C&C BSS:Trojan.Win32.Truebadur.a HEUR:Trojan-Downloader.Win32.OffLoader.gen PDM:Trojan.Win32.Generic BSS:Trojan.Win32.Generic Trojan-PSW.Win32.Lumma.sb HEUR:Trojan-Proxy.Win64.Microleaves.gen not-a-virus:HEUR:AdWare.Win32.AdUpdater.gen not-a-virus:HEUR:Downloader.Win32.TorrLoad.gen Downloader.Agent.HTTP.C&C
Link:
https://opentip.kaspersky.com/77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303/results?tab=lookup
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/36e442f2-8ede-4a15-a757-ad96d4e69842
Gathering data
Score:
93%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
Executable NSIS Installer PE (Portable Executable) PE File Layout Win 32 Exe x86
Link:
https://app.malva.re/file/a6dc9ecd7fd81a464a1ab3368c77634a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303/
Verdict:
Malicious
Threat:
Trojan-PSW.Win32.Lumma
Link:
https://tip.neiki.dev/file/77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303
Threat name:
Win32.Trojan.OffLoader
Create hunting rule
Status:
Malicious
First seen:
2025-09-25 11:53:55 UTC
File Type:
PE (Exe)
Extracted files:
4
AV detection:
19 of 24 (79.17%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o6r5uthnxenotq5ihzg23ye6axfko2wldw34lmqmev7r5qevcmbq._file
Gathering data
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/58795e6b-ce77-43db-91a6-79f51451c244
Unpacked files
SH256 hash:
77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303
MD5 hash:
a6dc9ecd7fd81a464a1ab3368c77634a
SHA1 hash:
933d4d0b3332dbc8985ac0c855f5767de06a84c2
Link:
https://www.unpac.me/results/6b3e1904-eeae-4cfc-8f4d-c30ad3b3302c/
SH256 hash:
85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
MD5 hash:
40d7eca32b2f4d29db98715dd45bfac5
SHA1 hash:
124df3f617f562e46095776454e1c0c7bb791cc7
Link:
https://www.unpac.me/results/6b3e1904-eeae-4cfc-8f4d-c30ad3b3302c/
SH256 hash:
ba1b0c0e20dadc663a17162dbb121f0eb99397ed0d2b39ce9fe28bf5df9333f7
MD5 hash:
5822d498565a29ce49eaa0d3c07b3b9a
SHA1 hash:
83dec7f997594c48e291df8258fcd77df04c1976
Link:
https://www.unpac.me/results/6b3e1904-eeae-4cfc-8f4d-c30ad3b3302c/
SH256 hash:
4b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
MD5 hash:
1d8f01a83ddd259bc339902c1d33c8f1
SHA1 hash:
9f7806af462c94c39e2ec6cc9c7ad05c44eba04e
Link:
https://www.unpac.me/results/6b3e1904-eeae-4cfc-8f4d-c30ad3b3302c/
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_NSIS_Nullsoft_Installer
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects NSIS installers by .ndata section + NSIS header string

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

OffLoader

Executable exe 77a3da4cedb91ae9c3a83e4dade09e05caa76acb1db7c5b20c257f1ec0951303

(this sample)

  
Link
https://tria.ge/251223-x3rfla1mfx/behavioral2
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/45929/

Comments