MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 5 File information Comments

SHA256 hash:	b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e
SHA3-384 hash:	bec391bf87f77e10e196f03df1554499a3601160b74f4d04312576c1482d75ec10b4967faa6a2371bdcde2ba80b66fc7
SHA1 hash:	6e96232b93516d97755acc724c6d161dd9870f3b
MD5 hash:	e82e808a0c18a35b49cdcd19a6b3bdae
humanhash:	table-ohio-maine-california
File name:	file
Download:	download sample
File size:	40'448 bytes
First seen:	2026-01-18 21:33:14 UTC
Last seen:	2026-01-18 21:37:12 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	78b69eb4f2e8d6ddd109b1ddc8705473
ssdeep	768:TkiSJy9ZuuGtU4s6VgacX7kLtSlOUyV17+tXKvzPzXJ26C:QirQuZ4sdXk/d7PzZ
TLSH	T19B032897E99244F8D809C5708DF2622B8BB3F951087D934F58F09F472E75720FB19A8A
TrID	44.4% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-amadey exe fbf543

Bitsight

url: http://130.12.180.43/files/7606537116/TL1ax3z.exe

Intelligence

File Origin

# of uploads :

# of downloads :

151

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

file

Verdict:

Malicious activity

Analysis date:

2026-01-18 21:35:54 UTC

Tags:

telegram websocket

Link:

https://app.any.run/tasks/ae0bf6dc-abe4-4e2a-a6dc-4654fad9c1c7

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/49274/

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=696d51e1f3cf908ba50634ec

Tags:

remo hype

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug fingerprint packed

Link:

https://www.filescan.io/uploads/696d51de3dd9d2095059244a/reports/67f91e82-177d-408e-a182-96ec3f25bd1d/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_90%

Link:

https://www.hybrid-analysis.com/sample/b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e

Verdict:

Malicious

File Type:

exe x64

Detections:

HEUR:Trojan.Win32.Agentb.gen

Link:

https://opentip.kaspersky.com/b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d3b6609f-b295-4d2b-aad6-28e2dc3f09a0

Score:

97%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/e82e808a0c18a35b49cdcd19a6b3bdae

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e/

Verdict:

Malicious

Threat:

Trojan.Win32.Agentb

Link:

https://tip.neiki.dev/file/b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e

Threat name:

Win64.Trojan.Mint

Status:

Malicious

First seen:

2026-01-18 21:34:41 UTC

File Type:

PE+ (Exe)

AV detection:

4 of 36 (11.11%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wvahmnfovnhsl33xqhwtvipjeta2c75os2ohkt4juajxkkpg4b7a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260118-1ext9agt5a/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/1a77b11c-88ba-42f0-acc9-bfb6440136c1

Unpacked files

SH256 hash:

b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e

MD5 hash:

e82e808a0c18a35b49cdcd19a6b3bdae

SHA1 hash:

6e96232b93516d97755acc724c6d161dd9870f3b

Link:

https://www.unpac.me/results/c866ae9c-fe7f-4581-bb82-e81cc1c0ef99/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/b5407634aeab/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Check_Debugger Create hunting rule

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__RemoteAPI Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	sus_pe_free_without_allocation Create hunting rule
Author:	Maxime THIEBAUT (@0xThiebaut)
Description:	Detects an executable importing functions to free memory without importing allocation functions, often indicative of dynamic import resolution

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe b5407634aeab4f25ef7781ed3aa1e924c1a17fae969c754f89a0137529e6e07e

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3759991/

Cape

https://www.capesandbox.com/analysis/49274/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample