MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 83e9fdf06a347b8528f69055f491d43da83cd365a3de24dbfada9626a3bda6fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 83e9fdf06a347b8528f69055f491d43da83cd365a3de24dbfada9626a3bda6fe
SHA3-384 hash: e704e845bf10d4ce44e27604c980ce261430572ff7e5485799cfb79fa8d79f1b69f21b8024a8cec527d4fc7c190cface
SHA1 hash: 3124462a0c563e45093a3a1b1874ef4091c1965b
MD5 hash: 11021135f57127561d82c07c03edb586
humanhash: sink-nebraska-nuts-summer
File name: 83e9fdf06a347b8528f69055f491d43da83cd365a3de24dbfada9626a3bda6fe
File size: 89'334'073 bytes
First seen: 2026-03-06 07:24:56 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash b34f154ec913d2d2c435cbd644e91687 (566 x GuLoader, 122 x RemcosRAT, 82 x EpsilonStealer)
ssdeep 1572864:v+e4h7TL9BHeLLQfvxvhKDLwCXiaBcSrufGanp7GgtcQ3AsERCjqTe:We4NGQfvx8PwCyaBcSruZkUECWq
Threatray 1 similar samples on MalwareBazaar
TLSH T162183322B7E5C57AF0BB0B3294F1A7544A7A7ED51E34E20F7308924E4D71A80DA38767
TrID 39.7% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
21.0% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5)
8.3% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
8.3% (.EXE) Win64 Executable (generic) (6522/11/2)
6.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
Magika pebin
dhash icon 28969696969696e8 (18 x GenesisStealer, 2 x MythStealer, 1 x QuasarRAT)
Reporter JAMESWT_WT
Tags: api-devx-help exe stellar-conquest-fr

Intelligence


File Origin
# of uploads: 1
# of downloads: 134
Origin country: IT
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 83e9fdf06a347b8528f69055f491d43da83cd365a3de24dbfada9626a3bda6fe
Verdict: Malicious activity
Analysis date: 2026-03-06 07:26:59 UTC
Tags: arch-doc

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
File Type: exe x32
Detections: Trojan-PSW.Win64.Agent.wj
Threat name: Win32.Trojan.Egairtigado
Status: Malicious
First seen: 2026-02-28 13:14:34 UTC
File Type: PE (Exe)
Extracted files: 3092
AV detection: 11 of 24 (45.83%)
Threat level: 5/5
Verdict: malicious
Label(s): novablight
Similar samples:
Result
Malware family: n/a
Score: 7/10
Tags: antivm discovery execution linux
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Enumerates processes with tasklist
Checks installed software on the system
Executes dropped EXE
Loads dropped DLL
Malware family: GenesisStealer
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
