MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77aa01db8271f6a66d74a67a0f6a291ae68aec5120e4db8d831eec0ddea6d0b9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 12

SHA256 hash: 77aa01db8271f6a66d74a67a0f6a291ae68aec5120e4db8d831eec0ddea6d0b9
SHA3-384 hash: 7262a7f64e297b04504ff92f4e8e349c22376a34f6b0933e302e364ff450e02666f813ad2c1c9e6f87709a1f4374a8e6
SHA1 hash: b8f0e2b569a9e0cd5fa95d19226715ecd05a986c
MD5 hash: 2a899aa7cbe70874c71e2446cfe2ccd7
humanhash: one-moon-fifteen-july
File name: file
File size: 7'766'528 bytes
First seen: 2025-10-30 20:23:14 UTC
Last seen: 2025-10-31 10:31:57 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d5320f4b803f173facb78ce67128770f
ssdeep: 196608:R2D6MIZoMYY9VFKlhvHAXR4J+UtIAK6uBODBKEEu8YyK:EMoHY9VCPWR4XIAddL
TLSH: T1A37622A155C963FCC0D74F14A14712CE70D175AB89FDAA0D3AC69C036E11EEE098EBA7
TrID:
  44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
  21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  8.7% (.ICL) Windows Icons Library (generic) (2059/9)
  8.5% (.EXE) OS/2 Executable (generic) (2029/13)
  8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika: pebin
Reporter: Bitsight
Tags: dropped-by-amadey exe


Bitsight
url: http://178.16.55.70/v3434.exe

Intelligence

File Origin
# of uploads: 12
# of downloads: 99
Origin country: US
Vendor Threat Intelligence

Malware family: redline
ID: 1
File name: 0_c36ed034d523da1f54d43176334d4bda9f9adcb940948646b43902a620ebda45.exe
Verdict: Malicious activity
Analysis date: 2025-10-30 15:43:10 UTC
Tags: auto redline stealer amadey botnet loader rdp stealc vidar xor-url generic golang autoit lumma gcleaner anti-evasion purelogs neoreklami adware rhadamanthys skuld evasion phishing purecrypter themida exfiltration socks5systemz proxybot remcos rat upx ims-api asyncrat stormkitty

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 99.9%
Tags: emotet cobalt

Result
Verdict: Clean
Maliciousness:

Behaviour
Creating synchronization primitives
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Behavior that indicates a threat

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: crypto hacktool obfuscated packed packed packer_detected

Verdict: Clean
File Type: exe x64
First seen: 2025-10-30T10:52:00Z UTC
Last seen: 2025-11-01T03:35:00Z UTC
Hits: ~10

Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Threat name: Win64.Trojan.Egairtigado
Status: Malicious
First seen: 2025-10-30 12:24:40 UTC
File Type: PE+ (Exe)
Extracted files: 1
AV detection: 24 of 38 (63.16%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: defense_evasion spyware trojan
Behaviour
Modifies system certificate store
Unpacked files
SHA256 hash: 77aa01db8271f6a66d74a67a0f6a291ae68aec5120e4db8d831eec0ddea6d0b9
MD5 hash: 2a899aa7cbe70874c71e2446cfe2ccd7
SHA1 hash: b8f0e2b569a9e0cd5fa95d19226715ecd05a986c
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample, such as delivery method and external references.

Web download
Executable exe 77aa01db8271f6a66d74a67a0f6a291ae68aec5120e4db8d831eec0ddea6d0b9 (this sample)
Dropped by: Amadey
Delivery method: Distributed via web download

Comments