MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c
SHA3-384 hash:	138f23f3d019d2270beb572a9368bace0d369e91061f11ac581f36a0bd8288edb657c185cce2413248ee5cce5ac1f23c
SHA1 hash:	5b6c20ecf6ebfac1a5e8cb83ec0766542bd2a570
MD5 hash:	17135f068822d2475389a8d701e53291
humanhash:	pip-bluebird-shade-papa
File name:	a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c
Download:	download sample
File size:	3'584 bytes
First seen:	2025-04-18 05:56:32 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	e82dd51b077167be63c004bed23d0c1e (40 x NetWalker, 2 x GuLoader, 1 x ShikataGaNai)
ssdeep	48:6IZUBQYxZul2EywS6DV8jk7QLzgzIzQz4zAzo157D9N9XM/geu3ahr0/x:2BQMZ7EywS6DVG++D9vXeg
TLSH	T15C71B54170501AF2D95DE3BF8487B89AFD4EB248A2C80B0B0798981A2F7607BB5DD613
TrID	38.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 15.6% (.ICL) Windows Icons Library (generic) (2059/9) 15.4% (.EXE) OS/2 Executable (generic) (2029/13) 15.2% (.EXE) Generic Win/DOS Executable (2002/3) 15.2% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	121-37-80-227 exe

Intelligence

File Origin

# of uploads :

# of downloads :

428

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c

Verdict:

No threats detected

Analysis date:

2025-04-18 06:17:42 UTC

Tags:

payload

Link:

https://app.any.run/tasks/a439d9cb-dbc7-422e-90c1-b00aa4eb4e15

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/2793/

Detection(s):

SecuriteInfo.com.Trojan.DownLoader48.12277.26959.20833.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6801ee92280f5f89a0d10a4d

Tags:

rozena emotet

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Connection attempt

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cobalt microsoft_visual_cc packed

Link:

https://www.filescan.io/uploads/6801e9bbe9c1e257979c9cd9/reports/58faf744-4d5b-4d9c-b3d5-ac2d11deecfd/overview

Verdict:

Malicious

Labled as:

Mikey.Generic

Link:

https://www.hybrid-analysis.com/sample/a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/0e1b03e9-cf9f-4522-9dfd-7a513b50ba70

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

52 / 100

Link:

https://www.joesandbox.com/analysis/1668176

Signature

Multi AV Scanner detection for submitted file

Potentially malicious time measurement code found

Behaviour

Behavior Graph:

Download SVG

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c/

Threat name:

Win64.Trojan.Mikey

Status:

Malicious

First seen:

2025-04-15 05:57:48 UTC

File Type:

PE+ (Exe)

AV detection:

26 of 38 (68.42%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ufptb4qohxyfamsek2l4sbwdukwm6v3oz325u75ng4ymux44cqoa._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250418-gnm7mavtd1/

Verdict:

Suspicious

Tags:

red_team_tool

YARA:

Cobalt_functions

Link:

https://app.threat.zone/submission/2d2a263b-ea1d-4b99-95fe-2bd21f1af73a

Unpacked files

SH256 hash:

a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c

MD5 hash:

17135f068822d2475389a8d701e53291

SHA1 hash:

5b6c20ecf6ebfac1a5e8cb83ec0766542bd2a570

Link:

https://www.unpac.me/results/fc3f0a03-268d-49f2-a2ce-2120554cbc99/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/2793/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_AUTHENTICODE	Missing Authenticode	high
CHECK_DLL_CHARACTERISTICS	Missing dll Security Characteristics (GUARD_CF)	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample