MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b
SHA3-384 hash: 086f32ef1dcf374a33e26c7aab6d7f3636da046810365ea89dc5f67bab7f84e28e7cba6e16b5947d1cae91d0f8aee856
SHA1 hash: 1894b34f91b2606e7597d55eb591ab5805df5a9b
MD5 hash: 2175255de1448a40cf36995f586a3ac6
humanhash: item-arkansas-spring-idaho
File name:Updater.exe
Download: download sample
File size:82'174'866 bytes
First seen:2025-12-30 15:07:02 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e05e31a5063c852520cc6950fe83ad1a (12 x CoinMiner)
ssdeep 393216:os/nU/1IN3Uuw8ygaACggdwVCRdsQ+hrxAAsIyNOnS0B4AycWMCYulLX5zlc+S+C:oEYGD7sJYgNukUB4S5rs3wbpLLNNH
TLSH T109086B4262EA04C4F9F7DA759AF65617C673BC122F3095CF221C172A1F336E09976B22
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter lfr
Tags:exe


Avatar
lfr
https://github.com/consthycata1972/laughing-enigma/releases/download/download/Updater.zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
119
Origin country :
FR FR
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/073a52a2-d8c0-484e-9250-70b517088cdf/
Malware family:
n/a
ID:
1
File name:
Updater.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-30 15:00:14 UTC
Tags:
anti-evasion
Link:
https://app.any.run/tasks/8d371358-94e5-49c6-998c-9ca77ca1d956

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6953e9097d915bf1778f0687
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
adaptive-context anti-debug anti-vm crypto expand fingerprint installer-heuristic lolbin microsoft_visual_cc nexe overlay overlay packed packed
Link:
https://www.filescan.io/uploads/6953eaaf8d1aa9829e274684/reports/89dacd6b-ea3d-475b-9e91-a8c6ff626d3f/overview
Verdict:
Malicious
Labled as:
W64/Agent.KWO.gen
Link:
https://www.hybrid-analysis.com/sample/8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b
Result
Gathering data
Verdict:
Clean
File Type:
exe x64
Link:
https://opentip.kaspersky.com/8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b/results?tab=lookup
Score:
69%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b
Gathering data
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rj6mzkbjum4ut3vgtp54el5bnu5ca23rzk2pyuhxlstfrmj2wqfq._file
Gathering data
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/d0c35387-4c28-4ad9-b752-a31c30439454
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 8a7ccca829a33949eea69bfbc22fa16d3a206b71cab4fc50f75ca658b13ab40b

(this sample)

  
Delivery method
Distributed via web download

Comments