MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bd07d453077355a535a2ace983345b8be7c640c0d4b0001d877df89cc5fa788. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NodeLoader


Vendor detections: 6



SHA256 hash: 9bd07d453077355a535a2ace983345b8be7c640c0d4b0001d877df89cc5fa788
SHA3-384 hash: 980c81700d36aa6efac802a1eef67cae5d0583024767376d4cfb48d9774e5f652e5bb61ea0e8cd6208757121bcd60ed3
SHA1 hash: eec8bef5ef5853f6b9aa3930025d310d82c6bc37
MD5 hash: 320a28409e11cda48ba716b5dfb66e92
humanhash: hawaii-robin-victor-finch
File name: LuxuryLoader.exe
Signature: NodeLoader
File size: 84'590'888 bytes
First seen: 2025-09-06 22:43:44 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: b2a86e8b314318c5db2758c4f1f28af9 (11 x NodeLoader)
ssdeep: 393216:0UvE/Ir+FiTzmx+WG7cAJ8tfzrIQ96tJgSVvNWm1cVtZByHlLVnaZu5K7QKN3pmY:0r16TImC5GVCdh7sUYhtgPdBs6Ir+
TLSH: T1E3087B42A3EA05D5F9FB9A3489E65213D673BC063F3086DF224C172A1F736E09976721
TrID: 61.4% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
      15.5% (.EXE) Win64 Executable (generic) (10522/11/4)
      7.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
      6.6% (.EXE) Win32 Executable (generic) (4504/4/1)
      2.9% (.EXE) OS/2 Executable (generic) (2029/13)
Magika: pebin
dhash icon: 4000e8f4d4e80040 (3 x NodeLoader, 1 x LummaStealer, 1 x Vidar)
Reporter: AntiSkidding
Tags: exe fake-cheat node NodeLoader

Intelligence


File Origin
# of uploads :
1
# of downloads :
86
Origin country :
GB
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
LuxuryLoader.exe
Verdict:
No threats detected
Analysis date:
2025-09-06 22:45:20 UTC
Tags:
n/a

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict:
Clean
Maliciousness:

Behaviour
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc nexe overlay overlay packed threat
Verdict:
Unknown
File Type:
exe x64
First seen:
2025-09-07T06:27:00Z UTC
Last seen:
2025-09-07T06:27:00Z UTC
Hits:
~10
Gathering data
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
