MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6f458a42d0b5e7f9d4285f0a95b77bef05458d254b20698622ee6df4415f35a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6f458a42d0b5e7f9d4285f0a95b77bef05458d254b20698622ee6df4415f35a
SHA3-384 hash: b3ca5cc2a5b80627d63259727faf6ac98ba91301a767a2c4360c00e7e788b8a823d32402e706ac632da69360540855f6
SHA1 hash: ee3d08b078b5748b91c90ba9af306823871466bf
MD5 hash: c4c013c1e1612746c9b64ae6922e3d32
humanhash: oven-monkey-green-mississippi
File name:External 2.4.exe
Download: download sample
File size:90'426'368 bytes
First seen:2025-12-19 18:02:26 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:7AZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:7AZui3zQz2jOZKft
TLSH T179187D03B3A705D5E8F7DA3196E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter burger
Tags:exe stealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
2'152
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/52ad435e-71be-4b7c-9660-5d87790d6248/
Malware family:
n/a
ID:
1
File name:
External2.4.exe
Verdict:
Suspicious activity
Analysis date:
2025-12-19 18:01:45 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/a38710ed-f23f-43cc-ae30-40e77fa30182

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6945937cee899ae4567f1148
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug crypto fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/694593683f8fdbf8e94c69d2/reports/5c8ba2c6-3977-4059-94ed-9bdd778b3e03/overview
Verdict:
Suspicious
Labled as:
Trojan.Heur
Link:
https://www.hybrid-analysis.com/sample/a6f458a42d0b5e7f9d4285f0a95b77bef05458d254b20698622ee6df4415f35a
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-19T15:17:00Z UTC
Last seen:
2025-12-20T16:59:00Z UTC
Hits:
~1000
Detections:
Trojan.Win32.Inject.sb Trojan.Win32.Inject.aqvqk RiskTool.BitCoinMiner.TCP.C&C
Link:
https://opentip.kaspersky.com/a6f458a42d0b5e7f9d4285f0a95b77bef05458d254b20698622ee6df4415f35a/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1836448
Signature
Joe Sandbox ML detected suspicious sample
Sigma detected: Potential WinAPI Calls Via CommandLine
Suspicious powershell command line found
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1836448 Sample: External 2.4.exe Startdate: 19/12/2025 Architecture: WINDOWS Score: 52 21 Suspicious powershell command line found 2->21 23 Joe Sandbox ML detected suspicious sample 2->23 25 Sigma detected: Potential WinAPI Calls Via CommandLine 2->25 8 External 2.4.exe 1 2->8         started        process3 process4 10 External 2.4.exe 8->10         started        13 conhost.exe 8->13         started        signatures5 27 Suspicious powershell command line found 10->27 15 tasklist.exe 1 10->15         started        17 powershell.exe 4 10->17         started        process6 process7 19 conhost.exe 15->19         started       
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/a6f458a42d0b5e7f9d4285f0a95b77bef05458d254b20698622ee6df4415f35a
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/a6f458a42d0b5e7f9d4285f0a95b77bef05458d254b20698622ee6df4415f35a
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-19 15:24:49 UTC
File Type:
PE+ (Exe)
Extracted files:
11
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u32frjbnbnph7hkcqxyksw3xx3yfiwgskszangdcf3tn6rav6nna._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/251223-qefwmazpaz/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ce759c89-2fbc-4150-9e43-d02788224004
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments