MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 78dabf87fa776fc41cbe743b86784961010c9e1db5c6a33c14a1363875341d17. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SalatStealer


Vendor detections: 4



SHA256 hash: 78dabf87fa776fc41cbe743b86784961010c9e1db5c6a33c14a1363875341d17
SHA3-384 hash: ddfce14b96213994f78c022e62badd25cdf2b1e900bc927bc9eb455c1a1fda6a17ea94c541886090c2d412bac90994ba
SHA1 hash: 7732fcb75e758c4adfa35f2dee5b99158a5446c1
MD5 hash: a7948e4813c32bf548f866d2ab6e44a9
humanhash: romeo-eight-illinois-virginia
File name: Ambani.zip
Signature: SalatStealer
File size: 18'577'832 bytes
First seen: 2026-01-04 15:39:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
Note: This file is a password protected archive. The password is: 123
ssdeep: 393216:+W92s1gum++psyNbxSFmVzjrpHc0UGZ9gX159qksr:59r1fvyBXjFHc0XZ9gX1qksr
TLSH: T14A17333EB60B2752B25C892B9131F01299611E1DC73E7D5AA8594835B97EC7C38E383F
Magika: zip
Reporter: burger
Tags: CoinMiner, pw-123, SalatStealer, zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: NL

File Archive Information

This file archive contains 25 file(s), sorted by their relevance.
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details:
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Suspicious Decryption Secret: Asset was password protected with a secret known to be used in recent malware campaigns.

Verdict: inconclusive
YARA: 3 match(es)
Tags: Zip Archive

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

SalatStealer: zip 78dabf87fa776fc41cbe743b86784961010c9e1db5c6a33c14a1363875341d17 (this sample)
