MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d
SHA3-384 hash:	89b1900802de94729f99930f98907af57163839b683d81eb5b14faa5bd8a33693cc8d98c82d1ef5aa3670f0f45cfda16
SHA1 hash:	c9ecbc635558912e131485a5b7bec12f3de3f8db
MD5 hash:	7fe61e2ceae7ff69836c5c241c479c4b
humanhash:	eleven-florida-lion-queen
File name:	a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d
Download:	download sample
File size:	80'850'716 bytes
First seen:	2026-03-01 09:05:17 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	957d237db44af201299a1e8ffc6df035
ssdeep	786432:a5EosxTUU8XOkBKgP9ZURVujWV1CVuQwoz3f5QtaFBRWYF3eKC3tIgiZ0e:a6oslbkJnURVujK1CBPetalOz3tB6P
TLSH	T12808D01663A116AAD97BD1388AAB6503EB73B4071330C7DF329C43712F63AE45D7A760
TrID	38.2% (.EXE) Win64 Executable (generic) (6522/11/2) 26.4% (.EXE) Win32 Executable (generic) (4504/4/1) 11.8% (.EXE) OS/2 Executable (generic) (2029/13) 11.7% (.EXE) Generic Win/DOS Executable (2002/3) 11.7% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
Reporter	JAMESWT_WT
Tags:	exe kurdishmyth MythJs

Intelligence

File Origin

# of uploads :

# of downloads :

129

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/8bdb5554-0f4a-4105-8ea5-b6193176f2ee/

Malware family:

n/a

ID:

File name:

a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d

Verdict:

Malicious activity

Analysis date:

2026-03-01 09:09:40 UTC

Tags:

nodejs anti-evasion discord stealer ims-api generic susp-powershell

Link:

https://app.any.run/tasks/dff00569-f41e-4d08-8839-a4ba847be7b6

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a401ffc950ab5d9ab2d162

Tags:

n/a

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

expand lolbin microsoft_visual_cc overlay packed pkg

Link:

https://www.filescan.io/uploads/69a401619eaae8465940edd6/reports/8ae25bce-de09-4749-b124-9841cb0a491a/overview

Verdict:

Suspicious

Labled as:

Trojan.Stealer.Win64

Link:

https://www.hybrid-analysis.com/sample/a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d

Verdict:

Malicious

File Type:

exe x64

Detections:

Trojan.Win64.Agent.smfplu

Link:

https://opentip.kaspersky.com/a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d/results?tab=lookup

Score:

85%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d

Gathering data

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/a4459567943b66e76a778883fa7b73aeb9a74c25da740cafccb52c324ac7217d

Threat name:

Win64.Trojan.Redirector

Status:

Malicious

First seen:

2026-02-22 21:14:45 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

3 of 24 (12.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=urczkz4uhntoo2txrcb7u63tv242otbf3j2azl6mwuwdeswhef6q._file

Result

Malware family:

n/a

Score:

7/10

Tags:

defense_evasion execution spyware stealer

Link:

https://tria.ge/reports/260301-k2edesgz4e/

Behaviour

Checks processor information in registry

Enumerates system info in registry

Kills process with taskkill

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Checks BIOS information in registry

Loads dropped DLL

Reads user/profile data of web browsers

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample