MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21
SHA3-384 hash: 12e8fd9b4bafe43c40cdf8c67306fdae13f786b8b99a0e2cb01e9fd8bed4c6cec2680814bc341c5cd40cbfefc7c51751
SHA1 hash: c789faf1eeff8a06a6345005341b096a1e0c0cfe
MD5 hash: ed6bab4edf384a23ba544658fbb234d6
humanhash: batman-maryland-idaho-washington
File name:file
Download: download sample
File size:25'600 bytes
First seen:2026-06-10 07:28:44 UTC
Last seen:2026-06-10 09:46:16 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a2706f6f638154d2b431abe5e1551efb (2 x StealeriumStealer)
ssdeep 768:JpmljpNfUDnCy8Dbmk5lwkeshAAAAAA6C:Jpm9pRUDnCyGbmk5Oke5C
TLSH T185B22B06E3B304BCC49CC7B5C22F9512AEBE3C161B60BADF27A126297D307947529E75
TrID 51.9% (.EXE) Win64 Executable (generic) (6522/11/2)
16.1% (.EXE) OS/2 Executable (generic) (2029/13)
15.9% (.EXE) Generic Win/DOS Executable (2002/3)
15.9% (.EXE) DOS Executable (generic) (2000/1)
Magika pebin
dhash icon 00a5d2a4b45a5e2a
Reporter Bitsight
Tags:c dropped-by-gcleaner exe MIX4.file


Avatar
Bitsight
url: http://158.94.209.95/service

Intelligence

File Origin
# of uploads :
3
# of downloads :
147
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
_bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21.exe
Verdict:
No threats detected
Analysis date:
2026-06-10 07:32:07 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/9357a808-c7a0-41f9-9b20-996453dee8b1

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/70427/
Detection(s):
SecuriteInfo.com.Variant.Yogi.3734.19935562.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a29126234eaf30d8ce469a5
Tags:
obfuscated ransomware
Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
hacktool
Link:
https://www.filescan.io/uploads/6a2912601f652d6865748bac/reports/553d0bd6-3e9a-4c29-ae5b-a133cbc2ab0e/overview
Verdict:
Malicious
Labled as:
Yogi.Generic
Link:
https://www.hybrid-analysis.com/sample/bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21
Verdict:
Malicious
File Type:
exe x64
First seen:
2026-06-10T02:33:00Z UTC
Last seen:
2026-06-10T02:47:00Z UTC
Hits:
~100
Link:
https://opentip.kaspersky.com/bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/3e98e918-db62-4635-8600-63ffa2aa000f
Score:
28%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21/
Threat name:
Win64.Dropper.Yogi
Create hunting rule
Status:
Malicious
First seen:
2026-06-10 07:29:36 UTC
File Type:
PE+ (Exe)
Extracted files:
4
AV detection:
9 of 36 (25.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x75knnpqnhoadtxnvfbkkiigz5s2kiofdhse75y62krrva2nnmqq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260610-jbh39afs8w/
Unpacked files
SH256 hash:
bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21
MD5 hash:
ed6bab4edf384a23ba544658fbb234d6
SHA1 hash:
c789faf1eeff8a06a6345005341b096a1e0c0cfe
Link:
https://www.unpac.me/results/b695c9d2-fb1e-47a1-b6e8-2ebd83bfedcc/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe bffaa6b5f069dc01ceeda942a52106cf65a521c519e44ff71ed2a31a834d6b21

(this sample)

  
Dropped by
Gcleaner
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/70427/

Comments