MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae
SHA3-384 hash: 527847c9b9d5b44e48c40a6b7e3ac25cf66e5f06e95b0d6de02e0a278a986eab3c6e8f1ca0bb40bb574da8fbe6015a98
SHA1 hash: ed8444b5669183a693c03b8222cbda630ddf8a5e
MD5 hash: 17c501204427af5ba08d769f620e26b5
humanhash: avocado-one-two-fix
File name:DamewareAgent.msi
Download: download sample
File size:36'638'720 bytes
First seen:2026-03-17 14:26:32 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 786432:kOW4VFl2k2Qu3gR7Kq3BbIx9R6101dOCg+YnMynfutbH:9WSOkRu34KubIBnhym
TLSH T1408733BB5AC6DFB8E78F5431E088A45D193D3C6A1A2716C6A4B97DF051FA7C302F0681
TrID 86.8% (.MSI) Microsoft Windows Installer (454500/1/170)
11.6% (.MST) Windows SDK Setup Transform script (61000/1/5)
1.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter Anonymous
Tags:msi

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
US US
Vendor Threat Intelligence
Gathering data
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b964cf88c80c01586b343e
Tags:
n/a
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae
Verdict:
Clean
File Type:
msi
Link:
https://opentip.kaspersky.com/820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae/results?tab=lookup
Score:
6%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qihhcrn67wufzxxf6apenwhsdwdn4g4bwzgmyeaekrzplhwtpsxa._file
Verdict:
suspicious
Label(s):
shellcode_loader_008
Create hunting rule
Similar samples:
error
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion discovery installer persistence privilege_escalation ransomware spyware trojan
Link:
https://tria.ge/reports/260317-rshg2sev7y/
Behaviour
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Modifies registry class
Modifies system certificate store
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
NSIS installer
Checks whether UAC is enabled
Enumerates physical storage devices
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Checks installed software on the system
Drops file in Program Files directory
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory
Adds Run key to start application
Badlisted process makes network request
Enumerates connected drives
Sets service image path in registry
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/820e7145befda85cdee5f01e46d8f21d86de1b81b64ccc10045472f59ed37cae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments