MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5
SHA3-384 hash: 626deac136d91ca61ddb0efe2d94f038ac73057fb27e85767df2fa7ffd1b022913e6e4d03bbaac67bbdd76f4a05d4678
SHA1 hash: 115c28def6005851c9b347abf5c16e3c1e69d9ba
MD5 hash: 6662dc729fed54e0c3487918a6e060a5
humanhash: pizza-robert-may-triple
File name:bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5
Download: download sample
File size:86'733'312 bytes
First seen:2025-10-13 13:10:27 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash b2e426b78f8291fe9c5a3f4a8555e42d (2 x NodeLoader, 1 x Rhadamanthys)
ssdeep 786432:5mzVkt4qv8UbDPmyUE157pfpgPVlcmfKx46foQW:5mzVkvv8UZse6j
TLSH T109188C5263A609D6F9F7DA348AE65213DA73BC067B3082CF724C17261F736E04976B21
TrID 48.7% (.EXE) Win64 Executable (generic) (10522/11/4)
23.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.3% (.EXE) OS/2 Executable (generic) (2029/13)
9.2% (.EXE) Generic Win/DOS Executable (2002/3)
9.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter JAMESWT_WT
Tags:exe StealitPublic

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5
Verdict:
Malicious activity
Analysis date:
2025-10-13 13:18:17 UTC
Tags:
stealit stealer
Link:
https://app.any.run/tasks/09fb4b95-c01d-4703-9b1e-205406944309

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68ecfe8ef2ca2f143e420fe3
Tags:
xtreme shell sage
Result
Verdict:
Malware
Maliciousness:

Behaviour
Using the Windows Management Instrumentation requests
DNS request
Sending a custom TCP request
Creating a file
Running batch commands
Creating a process with a hidden window
Launching a process
Creating a file in the %temp% subdirectories
Launching the process to interact with network services
Searching for the window
Launching a tool to kill processes
Adding an exclusion to Microsoft Defender
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug anti-vm crypto expand fingerprint lolbin microsoft_visual_cc
Link:
https://www.filescan.io/uploads/68ecfe7c71883144ef3453e0/reports/ef2fefb3-5df8-4170-8298-b43bbec544ef/overview
Verdict:
Malicious
Labled as:
Generik.JURQQSX trojan
Link:
https://www.hybrid-analysis.com/sample/bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-10-13T10:48:00Z UTC
Last seen:
2025-10-14T03:46:00Z UTC
Hits:
~1000
Detections:
Trojan.Win64.Alien.gpx PDM:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5/results?tab=lookup
Score:
71%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5
Gathering data
Verdict:
Malicious
Threat:
Trojan.Stealit/Qnsza
Link:
https://tip.neiki.dev/file/bce880db8af3cb0d20d377ba2d2bdc5e5613479c92e4dcb369fa67e5e560c0b5
Threat name:
Win64.Trojan.StealIt
Create hunting rule
Status:
Malicious
First seen:
2025-09-03 00:57:31 UTC
File Type:
PE+ (Exe)
Extracted files:
4
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xtuibw4k6pfq2igto65c2k64lzlbgr44slsnzm3j7jt6lzlayc2q._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion execution
Link:
https://tria.ge/reports/251013-qqzg4szjt6/
Behaviour
Kills process with taskkill
Runs net.exe
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/733667e6-7a8b-451a-836c-81d654ab5cdd
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments