MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a8645969858c623fd51731746d3dbd1f6523be3dec51e8ac574bd70aa9d232b0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 11 File information Comments

SHA256 hash: a8645969858c623fd51731746d3dbd1f6523be3dec51e8ac574bd70aa9d232b0
SHA3-384 hash: db278271601730b5eeae19bc1da02a312270c28dc74a1a9980fb93543ef6e7b14994e835f60374e2c76d9cc7f757204e
SHA1 hash: 1135962ef0c85f759ff7b6f5a2cd2de91c1cb03c
MD5 hash: 3588be4de139007087f1351abc379ae5
humanhash: oscar-lake-eighteen-east
File name:SecuriteInfo.com.Trojan.Siggen31.56912.22545.8141
Download: download sample
File size:1'731'112 bytes
First seen:2025-09-25 06:18:28 UTC
Last seen:2025-09-25 07:16:32 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 442cd635b0ae873bc92537f6f6554791 (3 x Rhadamanthys, 1 x LummaStealer)
ssdeep 24576:1j/HX3/ocUIGFCMZCavhSebMQGOoaaa88Edn6wxWWaAccEAyw9hBjIt:1fgc0FCCCUh8QEaaRNVWWtccgiBjw
TLSH T1CA85E042F5C30093FBE304706B39C9A5C8299AA3BB281CDB91188594D5F9EDFD67352B
TrID 49.9% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win32 Executable (generic) (4504/4/1)
9.6% (.EXE) OS/2 Executable (generic) (2029/13)
9.5% (.EXE) Generic Win/DOS Executable (2002/3)
9.4% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter SecuriteInfoCom
Tags:exe

Intelligence


File Origin
# of uploads :
2
# of downloads :
74
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.Trojan.Siggen31.56912.22545.8141
Verdict:
Malicious activity
Analysis date:
2025-09-25 06:21:38 UTC
Tags:
netreactor purehvnc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
81.4%
Tags:
stealer spoof virus agent
Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
Sending a custom TCP request
Сreating synchronization primitives
Connection attempt
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fingerprint invalid-signature microsoft_visual_cc packed signed
Verdict:
Unknown
File Type:
exe x32
First seen:
2025-09-25T04:10:00Z UTC
Last seen:
2025-09-25T04:10:00Z UTC
Hits:
~10
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Win 32 Exe x86
Threat name:
Win32.Trojan.LummaStealer
Status:
Malicious
First seen:
2025-09-25 06:20:45 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery
Behaviour
Suspicious use of AdjustPrivilegeToken
System Location Discovery: System Language Discovery
Unpacked files
SH256 hash:
a8645969858c623fd51731746d3dbd1f6523be3dec51e8ac574bd70aa9d232b0
MD5 hash:
3588be4de139007087f1351abc379ae5
SHA1 hash:
1135962ef0c85f759ff7b6f5a2cd2de91c1cb03c
SH256 hash:
01c330c1db6cc12a4696ecdb3a9bc5f1bd398ac62c5d15a18d0bcbc36c6bc6c8
MD5 hash:
ae5fedfc93b778ea6763c413fe5eb417
SHA1 hash:
11a1f9f47505d7b27eddbb1540667ed6746285d1
SH256 hash:
d5eaebd65b5301d55d5c2cce4ded703c599b8c54cb6c2f7fdef71e7c25ae9fe0
MD5 hash:
72960c89a2e132f6e2ecb4c4f56c82aa
SHA1 hash:
19492daff9c29b0bc9884e2f1836a1bc5774fe4f
Detections:
SUSP_OBF_NET_Reactor_Indicators_Jan24
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_AllMal_Detector
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:NET
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Rule name:PE_Digital_Certificate
Author:albertzsigovits
Rule name:pe_imphash
Rule name:Skystars_Malware_Imphash
Author:Skystars LightDefender
Description:imphash
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:TH_Generic_MassHunt_Webshells_2025_CYFARE
Author:CYFARE
Description:Generic multi-language webshell mass-hunt rule (PHP/ASP(X)/JSP/Python/Perl/Node) - 2025
Reference:https://cyfare.net/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe a8645969858c623fd51731746d3dbd1f6523be3dec51e8ac574bd70aa9d232b0

(this sample)

  
Delivery method
Distributed via web download

Comments