MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 4 File information Comments

SHA256 hash:	8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48
SHA3-384 hash:	936fd995d5e47d12d3f5c5d76b73bd07ba23895a4a4968cbd1ace282a8a523bc26b0e7f5a138dd4bc20b5d41e0149920
SHA1 hash:	bcafa90fd3c5954a0b144b1112c818ed1662a7f5
MD5 hash:	577e8d55d313bbc3526064a2531427f7
humanhash:	tennessee-coffee-vermont-october
File name:	rgbux.exe
Download:	download sample
File size:	289'280 bytes
First seen:	2025-12-19 15:03:39 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4c2cb70eaa36e2f27e3da0ec1f2cb347 (7 x RaccoonStealer, 2 x Amadey, 2 x Smoke Loader)
ssdeep	3072:IRYVlZfwzT8EGJOSQ2py3d2Rv604eqpkDcCQcAf7b0y1bwIHYtTV6Gg:VATtGA2ogRZ4gCfn0yci
TLSH	T10E54D02172B1E031D5D3597464B8C6B02A3AB9332BA5C687772B173D4E707D1E6BA30B
TrID	47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 15.9% (.EXE) Win64 Executable (generic) (10522/11/4) 9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 7.6% (.EXE) Win16 NE executable (generic) (5038/12/1) 6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	Anonymous
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

105

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

AceCryptor

Details

AceCryptor

an extracted shellcode loader component and the ms_c_rand-XOR seed

AceCryptor

an extracted shellcode loader component and a TEA decryption key

AceCryptor

an extracted payload

Link:

https://research.acce.ciphertechsolutions.com/results/ce2db6ff-391f-4474-af85-d704d485f9f1/

Malware family:

n/a

ID:

File name:

rgbux.exe.zip

Verdict:

No threats detected

Analysis date:

2025-12-19 20:28:19 UTC

Tags:

arch-exec

Link:

https://app.any.run/tasks/5cc2b5e0-7526-43da-b42d-6f82de7c51ad

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45520/

Detection(s):

Win.Malware.SmokeLoader-9879547-1

Win.Trojan.Generic-9879797-0

Win.Trojan.Generic-9883884-0

Win.Packer.pkr_ce1a-9980177-0

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6945696f021cfe859b07bc9f

Tags:

dropper virus krypt

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

azorult fingerprint krypt loki microsoft_visual_cc overlay packed ransomware smokeloader

Link:

https://www.filescan.io/uploads/694569b7e126b9ff4388e294/reports/077baca0-6491-4b7b-ab4d-27d1c37b8931/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48

Verdict:

Clean

File Type:

exe x32

Link:

https://opentip.kaspersky.com/8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48/results?tab=lookup

Malware family:

STOP Ransomware

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/4bc38aec-82a2-432c-8d4f-239ebba6995f

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PDB Path PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/577e8d55d313bbc3526064a2531427f7

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48/

Verdict:

Susipicious

Link:

https://tip.neiki.dev/file/8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48

Threat name:

Win32.Ransomware.StopCrypt

Status:

Malicious

First seen:

2025-12-19 15:04:15 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

19 of 24 (79.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=r5moobmja6d6plmk6u2phlp2mvkptoza77kym5w2jwuxizrz7rea._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251223-qa3jtszmew/

Verdict:

Malicious

Tags:

Win.Malware.SmokeLoader-9879547-1

YARA:

n/a

Link:

https://app.threat.zone/submission/2771980b-7f51-4eff-b88b-8e0e920231cd

Unpacked files

SH256 hash:

8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48

MD5 hash:

577e8d55d313bbc3526064a2531427f7

SHA1 hash:

bcafa90fd3c5954a0b144b1112c818ed1662a7f5

Link:

https://www.unpac.me/results/156bddc1-06bc-4006-b9f7-c58109286057/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8f58e705890787e7ad8af534f3adfa6554f9bb20ffd58676da4da9746639fc48

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerException__SetConsoleCtrl Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/45520/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample