MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731
SHA3-384 hash: ed2e0cf1c9bd0cd4c30e28a6586398455f77d33a2e86966b80f036f89ea28f3d726a6d14345409b816d1366956b2b390
SHA1 hash: abe759bb01a66777428d0a4b83987a7a7458c281
MD5 hash: 726544dac2f40c3b6c4243527b1fab1e
humanhash: river-aspen-sixteen-saturn
File name:file
Download: download sample
File size:2'471'424 bytes
First seen:2025-11-06 11:59:44 UTC
Last seen:2025-11-06 13:28:17 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 2eabe9054cad5152567f0699947a2c5b (2'852 x LummaStealer, 1'312 x Stealc, 1'026 x Healer)
ssdeep 49152:cH9USgkmB7NJv0qS+8yzYevvuqadJsT+G4GGyXSVlOobFKM1H:cMkmBbve+8yXXadJs3FIOobFK
TLSH T171B53336BB46C178EE9FAE301F01720EA21F4803EFF75391526949495F4B667930A7B8
TrID 45.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
18.3% (.EXE) OS/2 Executable (generic) (2029/13)
18.0% (.EXE) Generic Win/DOS Executable (2002/3)
18.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://178.16.54.200/files/unique1/random.exe

Intelligence

File Origin
# of uploads :
3
# of downloads :
87
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731.bin.exe
Verdict:
No threats detected
Analysis date:
2025-11-06 11:49:36 UTC
Tags:
themida
Link:
https://app.any.run/tasks/ae3743b7-97fe-4705-9eb7-c512f9d61c1b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/36350/
Detection(s):
SecuriteInfo.com.Win64.MalwareX-gen.12396521.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=690c8db55a5ed7864e238522
Tags:
virus
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Sending a custom TCP request
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
base64 microsoft_visual_cc obfuscated oreans_codevirtualizer packed packed themidawinlicense
Link:
https://www.filescan.io/uploads/690c8dea4425b0b1fd188a76/reports/4c46c56c-cb8c-4452-a028-0806346aa65d/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_90%
Link:
https://www.hybrid-analysis.com/sample/9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-11-06T08:55:00Z UTC
Last seen:
2025-11-06T10:23:00Z UTC
Hits:
~10
Detections:
Trojan-PSW.Win32.Rhadamanthys.sb Trojan.Win64.SBEscape.sb Trojan.Win64.Khalesi.i HEUR:Trojan.Win64.Khalesi.gen
Link:
https://opentip.kaspersky.com/9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/726544dac2f40c3b6c4243527b1fab1e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731/
Verdict:
Malicious
Threat:
Trojan.Win64.Khalesi
Link:
https://tip.neiki.dev/file/9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731
Threat name:
Win64.Trojan.Vidar
Create hunting rule
Status:
Malicious
First seen:
2025-11-06 11:49:38 UTC
File Type:
PE+ (Exe)
AV detection:
20 of 23 (86.96%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=twldn3nl564zid225ghztsgdvw7ebctchu63o2beivfkx3e2a4yq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/251106-n6m3xaap5w/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Checks BIOS information in registry
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ef1906ad-2154-4ec4-ab89-e7489bec134c
Unpacked files
SH256 hash:
9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731
MD5 hash:
726544dac2f40c3b6c4243527b1fab1e
SHA1 hash:
abe759bb01a66777428d0a4b83987a7a7458c281
Link:
https://www.unpac.me/results/234daeb4-952d-480a-9ced-01161f526749/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.72
Link:
https://yomi.yoroi.company/submissions/9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe 9d9636edabefb9940f5ae98f99c8c3adbe408a623d3db76824454aabec9a0731

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/36350/

Comments