MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 9 File information Comments

SHA256 hash:	92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a
SHA3-384 hash:	4169160b7e85051fba2c190a39330b9c9316dcae8f58d735810d55758e989914d5d9bf3a61fc2ed16f5766730347c243
SHA1 hash:	78c8ab4a9932805f5fb32f4a19367642ea8ac6f6
MD5 hash:	bc376c951eacb36bf0909a43588e6444
humanhash:	bulldog-diet-orange-wolfram
File name:	chromelevator.exe
Download:	download sample
File size:	1'463'808 bytes
First seen:	2025-12-06 17:29:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	6ff084ea6e09e3ebcc767351ce4ecec2
ssdeep	24576:OpZYLCDHXBE2g+PcgIv9IPryj1KmD9ofTKTRVyrq2SzjEnxL8:K52AkgIv1vD+fOTRomvEd
Threatray	13 similar samples on MalwareBazaar
TLSH	T1EF65121EEBA401FDE1B7D175CD124806EB327C4E47B1A68F239549962F336A09E3E721
TrID	48.7% (.EXE) Win64 Executable (generic) (10522/11/4) 23.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.3% (.EXE) OS/2 Executable (generic) (2029/13) 9.2% (.EXE) Generic Win/DOS Executable (2002/3) 9.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	juroots
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

chromelevator_x64.exe

Verdict:

No threats detected

Analysis date:

2025-11-14 10:13:12 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/9efe38b3-447e-4bd4-a5cd-69e27453fc5c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/42773/

Detection(s):

Win.Tool.Generickdz-10057837-0

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69346888920336450abc065e

Tags:

ransomware hacktool virus

Verdict:

Malicious

Labled as:

HackTool_Win64_PSWDump_MY_MTB

Link:

https://www.hybrid-analysis.com/sample/92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

Verdict:

Clean

File Type:

exe x64

First seen:

2025-11-03T11:19:00Z UTC

Last seen:

2025-12-06T19:55:00Z UTC

Hits:

~1000

Link:

https://opentip.kaspersky.com/92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/0aec9e2f-076c-4a6f-a1cf-ad5a82e985ab

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/bc376c951eacb36bf0909a43588e6444

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a/

Verdict:

Susipicious

Link:

https://tip.neiki.dev/file/92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

Threat name:

Win64.Hacktool.PSWDump

Status:

Malicious

First seen:

2025-11-03 02:01:47 UTC

File Type:

PE+ (Exe)

AV detection:

24 of 36 (66.67%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=slcpjn3ur4r5nxgvv5bvsxzu4s5y4kckqxjmczd3dcobxnm2pbfa._file

Verdict:

malicious

Label(s):

arkanixstealer

38169b3e010b40184746ade1946dcb355c6d4f57bc1149a63fa21df3b8b308a6

4b460d4661160b686264b7acf80c077c0d3a0d19d9ea6f1a62ae6eea87b40c7b

8f5aa6325ae84727f4fac778f10af10be1918d675c32d79229af1078bb8aa220

92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

9986ab3e10c7e0f163335976d3646f2239800793e9de4b183af03c2c55d99555

c896595965acfb25fd953291b465f383b9322cbf074f8f97cf1337f54c1c552e

error

+ 3 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251206-v3lh8szres/

Verdict:

Malicious

Tags:

Win.Tool.Generickdz-10057837-0

YARA:

n/a

Link:

https://app.threat.zone/submission/6ea8bf5a-2440-4fdd-bab0-60c5aa0ad45f

Unpacked files

SH256 hash:

92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

MD5 hash:

bc376c951eacb36bf0909a43588e6444

SHA1 hash:

78c8ab4a9932805f5fb32f4a19367642ea8ac6f6

Link:

https://www.unpac.me/results/1ad94c38-784a-4aa1-a722-ba6a826dc4eb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	Glasses Create hunting rule
Author:	Seth Hardy
Description:	Glasses family

Rule name:	GlassesCode Create hunting rule
Author:	Seth Hardy
Description:	Glasses code features

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	ReflectiveLoader Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 92c4f4b7748f23d6dcd5af43595f34e4bb8e284a85d2c1647b189c1bb59a784a

(this sample)

Cape

https://www.capesandbox.com/analysis/42773/

URLhaus

https://urlhaus.abuse.ch/url/3727809/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample