MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 9 File information Comments

SHA256 hash:	a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6
SHA3-384 hash:	fe93dd0439cd8c9a83a71af66bf66fb6bfe6cd1570ba8d254e5ce12ad4104bb5fad5030243fff7d0e667d11a0bac4771
SHA1 hash:	81ee8af9360f31d0456cc9f6cac8ead111e686df
MD5 hash:	226176679bfe3660853efa1f6687a84f
humanhash:	violet-michigan-hamper-monkey
File name:	a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6
Download:	download sample
File size:	2'300'416 bytes
First seen:	2026-03-17 12:33:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	0efd6cb0c6e770fe9c94ebe37a1fcc56 (1 x Konni)
ssdeep	49152:nSxaDlBM3zvk5vvAGHzP6Iwvmo2ixH++Wg51SqGkkR2bWyW5pYcJ:nhlD5QGTCIwp2iN++WpqlkR2bVcpY
TLSH	T1F6B5234177A180B1CC9B0B719C7AD62EF77424218768DCD7F7C82505AD62AE37E3A386
TrID	50.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13) 10.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 10.5% (.EXE) Win64 Executable (generic) (6522/11/2) 8.1% (.EXE) Win16 NE executable (generic) (5038/12/1) 7.2% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	exe Konni-EndRAT-KakaoTalk

Intelligence

File Origin

# of uploads :

# of downloads :

153

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6

Verdict:

No threats detected

Analysis date:

2026-03-17 12:33:45 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/946bd20d-4ed6-417b-9596-4a890adea697

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/57722/

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69b94a4b88c80c01586b1e36

Tags:

vmprotect virut

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 black evasive evasive exploit explorer keylogger lolbin microsoft_visual_cc obfuscated packed packed packed virus virut vmprotect

Link:

https://www.filescan.io/uploads/69b94a464ec2f522cc4c6d72/reports/e125652e-c12f-4f52-aeb5-0cc1f1f48d88/overview

Verdict:

Malicious

Labled as:

Trojan.PT.mAW@a4vRl.Generic

Link:

https://www.hybrid-analysis.com/sample/a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6

Verdict:

Malicious

File Type:

exe x32

Detections:

Trojan.Win32.Agent.xcdbml

Link:

https://opentip.kaspersky.com/a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/c583b62b-6f18-4448-b8d7-dd8069d4ebe3

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6

Verdict:

inconclusive

YARA:

5 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 32 Exe x86

Link:

https://app.malva.re/file/226176679bfe3660853efa1f6687a84f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6

Threat name:

Win32.Backdoor.OutBreak

Status:

Malicious

First seen:

2026-03-02 11:05:29 UTC

File Type:

PE (Exe)

AV detection:

17 of 24 (70.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=uegtbdinhwyx7d4hywu5bz7ng6i7wifvsc32gi2hngjba72u4d3a._file

Result

Malware family:

n/a

Score:

7/10

Tags:

discovery vmprotect

Link:

https://tria.ge/reports/260317-prvpwact3t/

Behaviour

System Location Discovery: System Language Discovery

VMProtect packed file

Unpacked files

SH256 hash:

a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6

MD5 hash:

226176679bfe3660853efa1f6687a84f

SHA1 hash:

81ee8af9360f31d0456cc9f6cac8ead111e686df

Link:

https://www.unpac.me/results/67c3e40c-ea3f-4ca0-b22e-1035396b6cc5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.14

Link:

https://yomi.yoroi.company/submissions/a10d308d0d3db17f8f87c5a9d0e7ed3791fb20b590b7a323476992107f54e0f6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerHiding__Thread Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	dgaagas Create hunting rule
Author:	Harshit
Description:	Uses certutil.exe to download a file named test.txt

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_EXE_Packed_VMProtect Create hunting rule
Author:	ditekSHen
Description:	Detects executables packed with VMProtect.

Rule name:	INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM Create hunting rule
Author:	ditekSHen
Description:	Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)

Rule name:	MALWARE_Win_Unknown_PackedLoader_01 Create hunting rule
Author:	ditekShen
Description:	Detects unknown loader / packer. Observed running LummaStealer

Rule name:	VMProtectStub Create hunting rule
Author:	@bartblaze
Description:	Identifies VMProtect packer stub.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/57722/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample