MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a
SHA3-384 hash: fd8b0dba15e3f428a0b3b52f96ca523d839228329c5e9e6335c44314e1879cd34d16bbce8c48e3ac94e915cc4035c963
SHA1 hash: 9ff9bb42130f771480234d26a252568090960581
MD5 hash: 90c540086b27688dee1c8b5688827e85
humanhash: fix-shade-red-golf
File name:file
Download: download sample
File size:90'424'832 bytes
First seen:2025-12-18 23:49:45 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:lAZqtFi3zQzwBs6vNtcZY5Dfw3pgPVlcmXW:lAZui3zQz2jOZKft
TLSH T1BA187D03B3A705D5E8F7DA3196E65223A932BC066F3085DF324C17262F73AE05A76B51
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543


Avatar
Bitsight
url: https://download2287.mediafire.com/ro0d7u714w1g-Llb4Qkwi97bkB-xxOlooTVstzSLf5hzwBQ8qNWjKrd1_6FS1oac4-ZQwVeckCFAqMnW5L-mL6HHf-3pnDlyKxNVf4jQmadlxOJRgteekv_32wAqg-wTKB5w20r4qN1QlIA_831HbiOMrh_mQpdljIqobdXp6XxXcA/jg2bow2nph0y49o/Setup.exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
3'261
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/ecde1794-2051-4868-8de1-c997fa1ce08e/
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Suspicious activity
Analysis date:
2025-12-18 23:53:25 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9c747d4a-bcf3-44c6-bb2d-d9681b336afc

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
89.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69449355c97f4a807a3ba98d
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Restart of the analyzed sample
Creating a process with a hidden window
Launching a process
Creating a file
Using the Windows Management Instrumentation requests
Searching for synchronization primitives
DNS request
Connection attempt
Sending a custom TCP request
Creating a file in the %temp% subdirectories
Creating a process from a recently created file
Moving a recently created file
Searching for analyzing tools
Searching for the window
Creating a window
Unauthorized injection to a recently created process
Adding an exclusion to Microsoft Defender
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug crypto fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/69449342e126b9ff4387dbf7/reports/552a5191-be92-4e7c-b6c7-f3e8541dabba/overview
Verdict:
Malicious
Labled as:
Malware_51.1
Link:
https://www.hybrid-analysis.com/sample/b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-18T21:07:00Z UTC
Last seen:
2025-12-19T07:47:00Z UTC
Hits:
~1000
Detections:
Trojan.Win32.Inject.sb Trojan.Win32.Inject.aqvom
Link:
https://opentip.kaspersky.com/b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wgmoba5ddmqjvxampecjdf3ia6dshvzafr6l2buccnrhlefjocna._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/251223-p54vpszkds/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/b52d174c-2ff1-4911-a933-05fb527d6484
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe b198e083a31b209adc0c7904919768078723d7202c7cbd068213627590a9709a

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download

Comments