MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e
SHA3-384 hash:	87fbc36f88335ce714124b66c1ff095816d9fcb16b27c4ec509e2b0603365fadf8ab911521a38eb3ce3495e2e4226c78
SHA1 hash:	ea6248ccb977ee604691e0c800a37d4fd20571a2
MD5 hash:	a678d751041c4767dbd7391226d24db0
humanhash:	salami-india-hamper-white
File name:	HackerDoomsday.beta.3.exe
Download:	download sample
File size:	93'371'304 bytes
First seen:	2025-12-10 11:12:27 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	dcaf48c1f10b0efa0a4472200f3850ed (39 x BlankGrabber, 16 x SalatStealer, 15 x PythonStealer)
ssdeep	1572864:CEWA0WKceibapIhRFr7fN0G94THEZQiI2TsacZehmqZ8sEu6X48ZTThk8ok4tEm:CEWbDceibJjz9wHE8fcp187ZRfh4t
Threatray	8 similar samples on MalwareBazaar
TLSH	T1F62833842551D44FE2AD477E09E1DA2DEA9262FB9F6A9003CBB024C10F233DD7EB1759
TrID	66.6% (.EXE) InstallShield setup (43053/19/16) 16.2% (.EXE) Win64 Executable (generic) (10522/11/4) 7.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 3.1% (.EXE) OS/2 Executable (generic) (2029/13) 3.0% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	Anonymous
Tags:	backdoor exe

Intelligence

File Origin

# of uploads :

# of downloads :

311

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/051693f4-7f45-440f-b40c-2b8992d351ed/

Malware family:

n/a

ID:

File name:

HackerDoomsday.beta.3.exe

Verdict:

Malicious activity

Analysis date:

2025-12-10 11:13:49 UTC

Tags:

pyinstaller python

Link:

https://app.any.run/tasks/15de8d87-caec-4a27-9c49-a6aee5b63682

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Malicious

Score:

90.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=693955d9a675b653bd0faf27

Tags:

extens virus sage

Gathering data

Verdict:

Malicious

Labled as:

Python_Agent_BMD_trojan

Link:

https://www.hybrid-analysis.com/sample/96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-12-08T18:08:00Z UTC

Last seen:

2025-12-10T12:08:00Z UTC

Hits:

~10

Detections:

Trojan.Win32.Agent.sb PDM:Trojan.Win32.ScreenLocker.gen PDM:Trojan.Win32.Generic Trojan.Win32.Diss.suwrq

Link:

https://opentip.kaspersky.com/96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e/results?tab=lookup

Score:

94%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e

Gathering data

Verdict:

Malicious

Threat:

Trojan.Python

Link:

https://tip.neiki.dev/file/96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e

Threat name:

Win64.Malware.Heuristic

Status:

Malicious

First seen:

2025-12-08 13:31:31 UTC

File Type:

PE+ (Exe)

Extracted files:

3554

AV detection:

7 of 24 (29.17%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=s3yies66aap5d55srjmmnd5mcfhxnysik7cwaoigbflejpjnm4pa._file

Verdict:

malicious

Label(s):

genericransomware

69194ef82bca1b59144720f97d8a1e9b0db407e75f7e46b5685ffdec8020a5c7

919a5cfc45d37267ee346e4fc80dc04c54c974bf37eeeb2283ee5e7e7357b38e

b07b2eaf8b1e487837fc8b5cb1c3d999674b0f6706fc623d92f4c246c4b0f4a0

error

fde3819fe90193bd64f3e6257a9a7e683aa359405e40f56658ea56cae46ed8a6

Result

Malware family:

n/a

Score:

10/10

Tags:

defense_evasion execution impact persistence pyinstaller ransomware trojan

Link:

https://tria.ge/reports/251210-nbjf8syqfy/

Behaviour

Checks SCSI registry key(s)

Interacts with shadow copies

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of AdjustPrivilegeToken

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

System policy modification

Uses Volume Shadow Copy service COM API

Views/modifies file attributes

Enumerates physical storage devices

Drops file in Windows directory

Checks whether UAC is enabled

Modifies boot configuration data using bcdedit

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Disables RegEdit via registry modification

Disables Task Manager via registry modification

Disables use of System Restore points

Event Triggered Execution: Image File Execution Options Injection

Overwrites deleted data with Cipher tool

Deletes shadow copies

Modifies WinLogon for persistence

UAC bypass

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/c0358d66-b45e-4824-a0f8-a855fe04496a

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/96f0824bde00/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe 96f0824bde001fd1f7b28a58c68fac114f76e24857c5603906095644bd2d671e

(this sample)

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample