MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99f8df92ff734f6baf04f47d572219f4264b9f32f3f694a024de2c03efc218d0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NodeLoader


Vendor detections: 7



SHA256 hash: 99f8df92ff734f6baf04f47d572219f4264b9f32f3f694a024de2c03efc218d0
SHA3-384 hash: a62bc9d7fa32899a2a2a30f421605cac6e6df8c65bb286ce5a8f189bf9b143d87c430bb992bf20678138bb1a85fa1fd1
SHA1 hash: 932029c27cab9e4de89baccf5e6b8fc0c5ded634
MD5 hash: 94c0640eecaa9a2161a88a9cc3d8bca5
humanhash: mars-robert-washington-december
File name: nigclientskinstealer.exe
Signature: NodeLoader
File size: 72'609'188 bytes
First seen: 2025-06-27 20:13:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 325b594b25b7c06988a176a364565897 (11 x NodeLoader)
ssdeep: 393216:R5P3pCzfv9l0A6LUJoBycFuVJas+7+uBzgkJKTpEdN5gsbtFKx2Xinsp0AIXvVTI:RpQftOi9AiIyvJEoBxOWbcFJ
TLSH: T17AF75A42A7EA04D5F9F7AA3489F65213D673BC062F3085DB324C172A1F736E09976722
TrID:
48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika: pebin
Reporter: AntiSkidding
Tags: exe NodeLoader

Intelligence


File Origin
# of uploads: 1
# of downloads: 232
Origin country: GB
Vendor Threat Intelligence
Verdict: Malicious
Score: 81.4%
Tags: malware
Result
Verdict: Clean
Maliciousness:

Behaviour:
DNS request
Connection attempt
Sending a custom TCP request
Gathering data
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2025-06-27 01:21:18 UTC
File Type: PE+ (Exe)
Extracted files: 3
AV detection: 5 of 24 (20.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Verdict: Suspicious
Tags: n/a
YARA: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
