MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f
SHA3-384 hash: 4bcba95c46a94b957577f099b95be7ae17d37846b1b2d8ed3beff7d446c902555dfc58acb283c5afb905899900f69612
SHA1 hash: 4a4fedc9b7f7aa7ed186849a6e1ebaebf4ca4114
MD5 hash: 6377de87c72b7a0ec85056fa238d4c26
humanhash: steak-hawaii-pizza-venus
File name:file
Download: download sample
File size:72'651'153 bytes
First seen:2025-10-08 04:05:44 UTC
Last seen:2025-10-08 07:38:57 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash f4680c52b4d4f6f1e0f92b81397ce8c4 (4 x MeduzaStealer, 1 x LummaStealer, 1 x CoinMiner)
ssdeep 786432:J9T/j0XmY3Sly3TG1+ntoF/f5rOFIBX53/8IqirTQU:J9T/jgmYUAoF/x+Ip53aYEU
TLSH T1B3F79C11B3C1C66AE0DE4ABE95B9E75683BDFA1113769BCB0044F99819F13E25C31B83
TrID 49.9% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win32 Executable (generic) (4504/4/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe


Avatar
Bitsight
url: http://178.16.55.189/files/Thumbh/random.exe

Intelligence

File Origin
# of uploads :
6
# of downloads :
85
Origin country :
US US
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
random.exe
Verdict:
Malicious activity
Analysis date:
2025-10-08 02:32:54 UTC
Tags:
amadey botnet stealer themida rdp loader gcleaner auto generic stealc vidar ms-smartcard socks5systemz proxybot phishing websocket netsupport rat rmm-tool purecrypter remote evasion golang miner rustystealer silentcryptominer winring0-sys vuln-driver anti-evasion darkvision telegram github
Link:
https://app.any.run/tasks/81b586fc-0e82-4d99-900e-e8e542ad9bf9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68e5e361277c2bd8bc5db891
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connecting to a non-recommended domain
Sending an HTTP GET request
Creating a file in the %temp% subdirectories
Moving a file to the %temp% subdirectory
Creating a process from a recently created file
Creating a process with a hidden window
Moving a recently created file
Сreating synchronization primitives
Creating a window
Running batch commands
Launching a process
Creating a file
Creating a service
Enabling autorun for a service
Adding an exclusion to Microsoft Defender
Unauthorized injection to a system process
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
agenttesla anti-debug bash dotnet evasive expand fingerprint lolbin microsoft_visual_cc net njrat obfuscated overlay packed packer_detected rat remote threat
Link:
https://www.filescan.io/uploads/68e5e3e95a3bccf09ebc99a7/reports/80ce60c0-d276-42d2-8555-d9d5ec04e21f/overview
Verdict:
Suspicious
Labled as:
TrojanPSW.Medeze
Link:
https://www.hybrid-analysis.com/sample/7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f
Verdict:
Malicious
File Type:
exe x32
First seen:
2025-10-08T01:16:00Z UTC
Last seen:
2025-10-08T10:13:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f/results?tab=lookup
Score:
80%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=pvq6oh3dkp2pjstwflegzufddlkid6sjlu5cwgvulpnmsodfmuxq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/251008-eq1jmawmx7/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
System Location Discovery: System Language Discovery
Verdict:
Suspicious
Tags:
red_team_tool
YARA:
INDICATOR_TOOL_WEDGECUT
Link:
https://app.threat.zone/submission/5834e5e7-fa67-47c7-8af0-3d600b745d6e
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 7d61e71f6353f4f4ca762ac86cd0a31ad481fa495d3a2b1ab45bdac93865652f

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3664760/

Comments