MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DarkCloud


Vendor detections: 16


Intelligence 16 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c
SHA3-384 hash: e327a81977075954409a851499ac32d01d8a0106c8523931629d1fa8d81e6546647dc867d1ecd771e88a2cd6e265c3af
SHA1 hash: f765ee4ba0afef42354d7c20e21daf4a16257047
MD5 hash: 165db7da835e65ec86fdc01e755c28b3
humanhash: mike-quiet-nevada-lake
File name:a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c
Download: download sample
Signature DarkCloud
Create hunting rule
File size:1'196'544 bytes
First seen:2026-06-08 09:41:34 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f34d5f2d4577ed6d9ceec516c1f5a744 (49'066 x AgentTesla, 20'011 x Formbook, 12'352 x SnakeKeylogger)
ssdeep 24576:lfbXfvLdZmFW8tlseo64yj0yg+9BqTiJGWVYd7T:lLfxIs8LpNrI+9BFsuYd7T
Threatray 358 similar samples on MalwareBazaar
TLSH T11545221C9B16E607C6911B38AE71F671226D6DCEA802D2279FDCAEDBFE77D051C04242
TrID 73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13)
6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
6.6% (.EXE) Win64 Executable (generic) (6522/11/2)
4.5% (.EXE) Win32 Executable (generic) (4504/4/1)
2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
Reporter adrian__luca
Tags:DarkCloud exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
48
Origin country :
HU HU
Vendor Threat Intelligence
Malware configuration found for:
RoboSki
Details
Link:
https://research.acce.ciphertechsolutions.com/results/a0d1dc27-e493-4ca1-9a02-daa123b5c6bf/
Detection:
DarkCloud
Create hunting rule
Link:
https://www.capesandbox.com/analysis/69880/
Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a268ec6ae2f98c00a68ca9a
Tags:
micro hype
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a window
Launching a process
Creating a file
Сreating synchronization primitives
DNS request
Connection attempt
Sending an HTTP GET request
Creating a file in the %AppData% subdirectories
Reading critical registry keys
Stealing user critical data
Setting a single autorun event
Unauthorized injection to a system process
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed vbnet
Link:
https://www.filescan.io/uploads/6a268e971f652d68656dc345/reports/2f6b763b-71e5-4fcc-a423-bf853358fd15/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-05-14T16:34:00Z UTC
Last seen:
2026-06-08T14:45:00Z UTC
Hits:
~1000
Link:
https://opentip.kaspersky.com/a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c/results?tab=lookup
Malware family:
DarkCloud
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/47178130-173d-4015-a131-b5fd0b236467
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c/
Threat name:
Win32.Trojan.Masslogger
Create hunting rule
Status:
Malicious
First seen:
2026-06-07 08:33:00 UTC
AV detection:
18 of 23 (78.26%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=usidxkgvmw3cx66ntdeyyrnbxdcg2eigjpama3yscwzp7h276mga._file
Verdict:
malicious
Label(s):
xworm
Create hunting rule
Similar samples:
16f469e717eb1239369889464fdc3d421e83bc1480b6445a7972b3c4ea6ed397
DarkCloud
49ba20cde2a94d0f765022fcb03f8f61b7ba7e3503a90c4b371c3b37c54f80dd
DarkCloud
57e753a6d49e97decfdfd33977c017da0c19955d69b6aeb150a7f9c80bca1134
DarkCloud
7b174447649c77a0077b8a72b3efb18d58c23ba32461ddd47cdbae7dcbf19f29
DarkCloud
8fd05fda12c171327139b846e98cd6c5e3a9032e73d47e58761dafa8e047c3a5
DarkCloud
90e4a4b341c0fc976c1832f1eed2ef6bbb0cc7635ff507ea574e7233c6655515
DarkCloud
error
DarkCloud
+ 348 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/260608-lpjm2sbw9p/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Windows directory
Suspicious use of SetThreadContext
Adds Run key to start application
Executes dropped EXE
Uses the VBS compiler for execution
Unpacked files
SH256 hash:
a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c
MD5 hash:
165db7da835e65ec86fdc01e755c28b3
SHA1 hash:
f765ee4ba0afef42354d7c20e21daf4a16257047
Link:
https://www.unpac.me/results/c6ead6d0-dce7-4f25-8b1b-c63bc2351490/
SH256 hash:
f7d6e2c617287aefc849a9d8ef49d61c5dc562e25c8de051e5d05469aa80b081
MD5 hash:
a4dd6d2a168149e4bce343fea1e67d32
SHA1 hash:
46375520145b1148d20b981cccfeeb981fd4dd3b
Detections:
darkcloudstealer
Create hunting rule
Link:
https://www.unpac.me/results/c6ead6d0-dce7-4f25-8b1b-c63bc2351490/
Parent samples :
bd0d1f8cbc892d1ca6853739c7d2e6938f78b6ea8d07e517da318dd96a143d8b
a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c
b4f71a83ef2858a522aeb1fb0143abc94c1ef06baba2e317968dff9298030989
728ac47291c7eb020ce10ed5ec53f28ca03d6c7600db9ca18f702bbe6185a5c9
SH256 hash:
10d329d21caaa130466427ff625d0bfae6b1f1d26adfefd9f81f8a63f85b88d0
MD5 hash:
8593639303535cbb65d16fdb01b61e5b
SHA1 hash:
5c91fc8aaa38114227fd329bc9159e5eca903f23
Link:
https://www.unpac.me/results/c6ead6d0-dce7-4f25-8b1b-c63bc2351490/
SH256 hash:
3d71b161c67f0af1e24c5c2f62321dce2a3b422bd3e25f448c6200cadb0cc875
MD5 hash:
e21d9a085fd2f4bc78517a752712bd1c
SHA1 hash:
87b9249cee2bef6f4a2952c0417e32163a2f84d1
Link:
https://www.unpac.me/results/c6ead6d0-dce7-4f25-8b1b-c63bc2351490/
SH256 hash:
5aec1b634da021a809d299a55b6f359f1718716a56fa6c1a5ee6e55af41685c6
MD5 hash:
77d27ab81190a2dff105a1593592cb88
SHA1 hash:
a2b79bcfe055389a231a9c2447e83cbd8595fa40
Link:
https://www.unpac.me/results/c6ead6d0-dce7-4f25-8b1b-c63bc2351490/
SH256 hash:
3b75425895af4ae3186b36277553641e37ca1d620ae18d68e40d13351b54de6a
MD5 hash:
94d1531b52774dce52a89e33646d5b1d
SHA1 hash:
29bf887b025b97bd7a9e1e261852ba824234a625
Link:
https://www.unpac.me/results/c6ead6d0-dce7-4f25-8b1b-c63bc2351490/
Malware family:
DarkCloud
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/a4903ba8d565/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a4903ba8d565b62bfbcd98c98c45a1b8c46d11064bc0c06f1215b2ff9f5ff30c

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:NETexecutableMicrosoft
Create hunting rule
Author:malware-lu
Rule name:pe_imphash
Create hunting rule
Rule name:Skystars_Malware_Imphash
Create hunting rule
Author:Skystars LightDefender
Description:imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/69880/

Comments