MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386
SHA3-384 hash:	546def1c4ba90e92bd3f145e48a9cffacf2ddacabcdf96f8c94b04dbb245792a65a8270b3f1d1bb2947fdba78348616a
SHA1 hash:	aa758eff0f479dff6e73f3f12007a91885a9c47c
MD5 hash:	3ddee4996e4148aa496a805bb98f74e7
humanhash:	virginia-pip-wisconsin-burger
File name:	SecuriteInfo.com.Win32.MalwareX-gen.10243.16961
Download:	download sample
File size:	73'216 bytes
First seen:	2025-05-14 16:26:08 UTC
Last seen:	2025-05-14 17:37:27 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'855 x AgentTesla, 19'783 x Formbook, 12'304 x SnakeKeylogger)
ssdeep	1536:ogY+FqX9KvjOkRWZ7IlC8BUtEGXry13bQGEfmw:PY689Kv3WZIYIurObyfmw
TLSH	T16A63D084562986A2DBEEE7BB0551F58C433C4C0BF7A73B9F1884A7E7B9A27C4452071C
TrID	71.1% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 10.2% (.EXE) Win64 Executable (generic) (10522/11/4) 6.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 4.3% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

435

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.10243.16961.UNOFFICIAL

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6824c5004a59e5a2ce0493c5

Tags:

autorun virus spawn sage

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

Creating a file in the %temp% directory

Enabling the 'hidden' option for files in the %temp% directory

Launching a process

Creating a process with a hidden window

Running batch commands

Creating a file

Enabling autorun by creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 obfuscated packed packed packer_detected reconnaissance vbnet

Link:

https://www.filescan.io/uploads/6824c47a854c57f294da157a/reports/b51549a7-c4ff-43b2-ab95-b02a06c80c8a/overview

Verdict:

Malicious

Labled as:

Jalapeno.Generic

Link:

https://www.hybrid-analysis.com/sample/82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/fb2b805e-3ded-48e6-bf66-ddee884a73fe

Result

Threat name:

n/a

Detection:

malicious

Classification:

rans.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1690163

Signature

.NET source code contains potential unpacker

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Contains functionality to access PhysicalDrive, possible boot sector overwrite

Contains functionality to infect the boot sector

Contains functionality to instantly poweroff / shutdown the system

Joe Sandbox ML detected suspicious sample

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Performs an instant shutdown (NtRaiseHardError)

Uses schtasks.exe or at.exe to add and modify task schedules

Writes directly to the primary disk partition (DR0)

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386/

Threat name:

Win32.Trojan.Jalapeno

Status:

Malicious

First seen:

2025-04-15 00:23:00 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

26 of 37 (70.27%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qjcg2mh4vpr57qloueijcokxj352ltr5t33i3mhykmr2xnvmuoda._file

Result

Malware family:

n/a

Score:

7/10

Tags:

n/a

Link:

https://tria.ge/reports/250514-txtrzs1vfz/

Behaviour

Delays execution with timeout.exe

Scheduled Task/Job: Scheduled Task

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Enumerates physical storage devices

Checks computer location settings

Verdict:

Informative

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/4fcba084-cf8b-4d0d-a58a-1ed3f7775f00

Unpacked files

SH256 hash:

82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386

MD5 hash:

3ddee4996e4148aa496a805bb98f74e7

SHA1 hash:

aa758eff0f479dff6e73f3f12007a91885a9c47c

Link:

https://www.unpac.me/results/38e7e4c2-d323-4138-993c-f08392b67e16/

SH256 hash:

fbad3d6983eced66d3a7baf064f30efd463fda6d65c0ecf1ae7a464dde2e4209

MD5 hash:

3c7c23d617bec5df2601ab09ea6bcd43

SHA1 hash:

132b094ca210d9532efaeefdaf7fa33c20a28f19

Link:

https://www.unpac.me/results/38e7e4c2-d323-4138-993c-f08392b67e16/

SH256 hash:

e02cf6c2186a9d0d5e1d462c8741a18141001facdaaf715d7c79b18bddd4cb9c

MD5 hash:

5f335527a7923d7836008bc2ae2180ce

SHA1 hash:

b0e4efdd89222e6f6a32df42fcd20c1f53a771b7

Link:

https://www.unpac.me/results/38e7e4c2-d323-4138-993c-f08392b67e16/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 82446d30fcabe3dfc16ea1109139574efba5ce3d9ef68db0f85323abb6aca386

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3543475/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample