MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 4 File information Comments

SHA256 hash:	8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5
SHA3-384 hash:	766096093a6d9879a55901ba2749e5a21840a946bac39d27ec4acb9aff8913790c676cbe2e48cd70d691c3aae2e00d79
SHA1 hash:	ee7ae444f4f7636726689571b87f6912d860643e
MD5 hash:	df91b0065f3ad023daf77a26096d7643
humanhash:	bacon-finch-freddie-sixteen
File name:	file
Download:	download sample
File size:	118'272 bytes
First seen:	2026-04-16 03:37:42 UTC
Last seen:	2026-04-16 03:42:03 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	a723a6f6b2d98c01856abbd6624e0063
ssdeep	3072:1erWaY8rVfVRL5TXynO3LNifWym3jTejo5b:nn8rVfVRL5mnO3LNsWysyG
TLSH	T1BCC39C10FAC1C073C49421704469C7B29A3EB4345B3A9AD7BF981BBE5E203D1E67A74B
TrID	50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 10.5% (.EXE) Win64 Executable (generic) (6522/11/2) 8.1% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-phorpiex exe

Bitsight

url: http://178.16.54.109/4

Intelligence

File Origin

# of uploads :

# of downloads :

194

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

phorpiex

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2026-04-16 03:38:23 UTC

Tags:

arch-exec arch-scr loader phorphiex botnet auto-reg phorpiex sextor spam-bot ip-check

Link:

https://app.any.run/tasks/7a460074-aa6a-4ab9-9832-6bb5487d8296

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/61816/

Detection(s):

SecuriteInfo.com.Win32.Dh-A.94729726.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69e059c245787c53e53a2b59

Tags:

downloader dropper blic

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a file

Changing a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug crypto explorer fingerprint lolbin microsoft_visual_cc

Link:

https://www.filescan.io/uploads/69e059b05ea31bc68a2f8e3e/reports/5e61f5a8-6540-4b79-aad6-8fb09a2d489c/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-04-16T00:58:00Z UTC

Last seen:

2026-04-16T23:54:00Z UTC

Hits:

~100

Detections:

Trojan-Ransom.Win32.Agent.sb PDM:Trojan.Win32.Generic HEUR:Trojan-Ransom.Win32.Gen.gen

Link:

https://opentip.kaspersky.com/8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/779ec389-1405-4fcd-8606-14ef3cf5ccc3

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5/

Verdict:

Malicious

Threat:

Family.PHORPIEX

Link:

https://tip.neiki.dev/file/8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5

Threat name:

Win32.Malware.Generic

Status:

Suspicious

First seen:

2026-04-16 03:38:36 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

5 of 36 (13.89%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=r4gdwedrzjhe22a37wnlrbyhnhy5sopk6tfwvynmcmbioj3knpkq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery spyware stealer

Link:

https://tria.ge/reports/260416-d66vxaez5l/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

System Location Discovery: System Language Discovery

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5

MD5 hash:

df91b0065f3ad023daf77a26096d7643

SHA1 hash:

ee7ae444f4f7636726689571b87f6912d860643e

Detections:

win_samsam_auto

Link:

https://www.unpac.me/results/7c78a3bb-925d-48f3-8742-866d7a4ca235/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

Rule name:	win_samsam_auto Create hunting rule
Author:	Felix Bilstein - yara-signator at cocacoding dot com
Description:	autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 8f0c3b1071ca4e4d681bfd9ab8870769f1d939eaf4cb6ae1ac130287276a6bd5

(this sample)

Dropped by

Phorpiex

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/61816/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample