MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Fuery


Vendor detections: 17


Intelligence 17 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf
SHA3-384 hash: bb41189f89496b6a6ec81b6748b7203e1d732fa790da56949ef5c3b5804bdc808b2fd87b19e0674b9e27a3cd6fb1e1cc
SHA1 hash: 62adb4bf5efc8f4d80b10f36331d07169d68e18d
MD5 hash: ea1769f2b71b008adf029c6bb2b71e53
humanhash: echo-artist-single-mobile
File name:file
Download: download sample
Signature Fuery
Create hunting rule
File size:711'680 bytes
First seen:2025-10-14 04:01:20 UTC
Last seen:2025-10-21 04:06:22 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (48'744 x AgentTesla, 19'608 x Formbook, 12'242 x SnakeKeylogger)
ssdeep 12288:lsI8O7xKqXI+RLihjoV+nfG5DryCNJIJxIkNSoZl3ahNBP5q8gL6N:llR124Lmdnfo1XG6kNH84F6
TLSH T108E402593716EB17C9A4A7F91970E27403BE6EAEA861D31B5DDE2CEB3435B000C507A3
TrID 71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
10.2% (.EXE) Win64 Executable (generic) (10522/11/4)
6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
4.3% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe Fuery


Avatar
Bitsight
url: http://178.16.55.189/files/8233900432/3nvHynj.exe

Intelligence

File Origin
# of uploads :
32
# of downloads :
74
Origin country :
US US
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
random.exe
Verdict:
Malicious activity
Analysis date:
2025-10-14 02:12:15 UTC
Tags:
amadey botnet stealer themida rdp auto generic loader anti-evasion ms-smartcard gcleaner evasion rustystealer autoit miner silentcryptominer winring0-sys vuln-driver phishing stealc rat njrat bladabindi remote backdoor hijackloader purecrypter inno installer delphi rhadamanthys xor-url upx salatstealer susp-powershell golang
Link:
https://app.any.run/tasks/ab8b7d8e-4f6c-478a-b12f-2be5ea4c20fd

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/32600/
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68ed085e777ae46bec427cd9
Tags:
phishing delphi spam
Result
Verdict:
Malware
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated obfuscated packed packed packer_detected vbnet
Link:
https://www.filescan.io/uploads/68edcb5e9da6b44f3c8b854e/reports/0ad83114-14b2-4198-812d-f4df836d5a61/overview
Verdict:
Malicious
Labled as:
Genie.8DN.Generic
Link:
https://www.hybrid-analysis.com/sample/7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-13T09:24:00Z UTC
Last seen:
2025-10-15T23:47:00Z UTC
Hits:
~10000
Detections:
Trojan-Ransom.Foreign.TCP.ServerRequest Trojan.Win32.Agent.sb Trojan.MSIL.Inject.sb Backdoor.Win32.Agima.sb Backdoor.Win32.Agima.b PDM:Trojan.Win32.Generic HEUR:Trojan-Spy.MSIL.Noon.gen Backdoor.Agima.HTTP.C&C Trojan-Dropper.Win32.Injector.sb Trojan.MSIL.Taskun.sb Trojan.MSIL.Crypt.sb Backdoor.Win32.Agima.a
Link:
https://opentip.kaspersky.com/7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf/results?tab=lookup
Malware family:
Malicious Packer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/03dacd44-acc8-47fe-b04b-2ae9552819db
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf
Verdict:
inconclusive
YARA:
5 match(es)
Tags:
.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.48 Win 32 Exe x86
Link:
https://app.malva.re/file/ea1769f2b71b008adf029c6bb2b71e53
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf/
Verdict:
Malicious
Threat:
Backdoor.Win32.Agima
Link:
https://tip.neiki.dev/file/7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf
Threat name:
ByteCode-MSIL.Trojan.Jalapeno
Create hunting rule
Status:
Malicious
First seen:
2025-10-13 14:10:48 UTC
File Type:
PE (.Net Exe)
Extracted files:
11
AV detection:
26 of 38 (68.42%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=ptnjnfq2fpuenmg2h76ijfanx3ddad7retjcihbsngtgsemdg27q._file
Verdict:
malicious
Label(s):
unc_loader_037
Create hunting rule
cryptinfinite
Create hunting rule
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/251014-el9lqswwax/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Adds Run key to start application
Downloads MZ/PE file
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a8d1b7c2-409a-45b1-927b-f54f66d95b24
Unpacked files
SH256 hash:
7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf
MD5 hash:
ea1769f2b71b008adf029c6bb2b71e53
SHA1 hash:
62adb4bf5efc8f4d80b10f36331d07169d68e18d
Link:
https://www.unpac.me/results/0a4dd46c-14c6-4cc3-ace3-ea6cd16711b8/
SH256 hash:
b794ed0c0c7d4499d0a2ffff67eb5b92dba83f4be7964591e9edad2755176511
MD5 hash:
2a576318d07470206dd7c45f7d896078
SHA1 hash:
3096b2a5ccd98583949a9f57842d5547b50bbc29
Link:
https://www.unpac.me/results/0a4dd46c-14c6-4cc3-ace3-ea6cd16711b8/
SH256 hash:
d02bc1ceab075ff97767c527e2ac5643f78c83a453d86e5ba374a6158830c737
MD5 hash:
49eff1d7ffddf51f25bd73b1014049cf
SHA1 hash:
53f9728c340cacd6d37203b4211febb5f51d4ada
Detections:
SUSP_OBF_NET_ConfuserEx_Name_Pattern_Jan24
Create hunting rule
SUSP_OBF_NET_Reactor_Indicators_Jan24
Create hunting rule
Link:
https://www.unpac.me/results/0a4dd46c-14c6-4cc3-ace3-ea6cd16711b8/
SH256 hash:
be13fba038995f47789ce6e7bbd302509e2a4c9ee27036b4ad08acd7cfa9b122
MD5 hash:
f5654d649b372ca56c77a3b48611caba
SHA1 hash:
9d9c3c7e2792d5697c9fc80d44aea5fb9d7df9d5
Link:
https://www.unpac.me/results/0a4dd46c-14c6-4cc3-ace3-ea6cd16711b8/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Fuery

Executable exe 7cda96961a2be846b0da3ffc84940dbec6300ff124d2241c3269a669118336bf

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/32600/
  
URLhaus
https://urlhaus.abuse.ch/url/3661367/

Comments