MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e
SHA3-384 hash: 8375789532e8e82ff2bd976b53bc81fb0e3d609955c9e5e46dd2bd04b8c2e20eec340973d8058c3da4ae06bec837db88
SHA1 hash: 735fc9cb33e6f29552a8ce448c117e910e0c4d92
MD5 hash: 0ca5132a4218bc3b39c08b22e4bdc0c3
humanhash: batman-crazy-nine-spring
File name:554565d6tcp.exe
Download: download sample
File size:3'584 bytes
First seen:2025-08-09 02:13:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash e82dd51b077167be63c004bed23d0c1e (40 x NetWalker, 2 x GuLoader, 1 x ShikataGaNai)
ssdeep 48:6IZUBQYxZul2EywS6Dlzjk7QLzgzIzQz4zAzo157D9N9XM/geu3ahr0/x:2BQMZ7EywS6Dln++D9vXeg
Threatray 30 similar samples on MalwareBazaar
TLSH T1CD71B741605416F2D94CE3BF8447B896FD4E7248A2C80B0B0398981A3F7107BB1D9613
TrID 38.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
15.6% (.ICL) Windows Icons Library (generic) (2059/9)
15.4% (.EXE) OS/2 Executable (generic) (2029/13)
15.2% (.EXE) Generic Win/DOS Executable (2002/3)
15.2% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter GDHJDSYDH1
Tags:backdoor exe Loader Rozena vshell

Intelligence

File Origin
# of uploads :
1
# of downloads :
879
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1.ps1
Verdict:
Malicious activity
Analysis date:
2025-08-09 01:35:32 UTC
Tags:
payload loader golang
Link:
https://app.any.run/tasks/5540b6c8-ad77-4334-8d37-29e84d456fda

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/19819/
Detection(s):
Win.Malware.Mikey-10044490-0
Create hunting rule

Verdict:
Clean
Score:
89.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6896ad1b11d7f9b979e6cc4f
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connecting to a non-recommended domain
Connection attempt
Sending a custom TCP request
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cobalt cobalt microsoft_visual_cc packed
Link:
https://www.filescan.io/uploads/6896aecd397fd3ce6fa2e32b/reports/8cf00d4d-f247-4f79-9222-0e346380919a/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/b972f112-498b-48e2-a110-5f0c75eb0bcc
Score:
94%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) Win 64 Exe x64
Link:
https://app.malva.re/file/0ca5132a4218bc3b39c08b22e4bdc0c3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e/
Verdict:
Malicious
Threat:
Trojan.Win32.Shelm
Link:
https://tip.neiki.dev/file/c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e
Threat name:
Win64.Trojan.Mikey
Create hunting rule
Status:
Malicious
First seen:
2025-08-09 02:06:21 UTC
File Type:
PE+ (Exe)
AV detection:
27 of 36 (75.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ynz34n2muluszmav3su6k4pyseb34zorfzvpejgjjladhqqioypa._file
Verdict:
malicious
Label(s):
darkbit
Create hunting rule
Similar samples:
0b5e23ef6d583c8480cc31b28acc45fb92919630b3aa87099b48d40beb6e3f4f
a15f30f20e3df05032445697c906c3a2accf576ecef5da7fad3730ca5f9c141c
a6e52081cd83449e7135410f79ee3a85b924d36b252f20cb2a2d1d3ee1aead49
edb78feaf181bb95329db37838d7749be89dde6ef84d1cac600b650a4b346d21
ee2148c1a134fb363b61013413882f531c8591647294fec99fcd37b69570cffc
error
+ 20 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250809-cnpcgafp4z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Verdict:
Malicious
Tags:
red_team_tool Win.Malware.Mikey-10044490-0
YARA:
Cobalt_functions
Link:
https://app.threat.zone/submission/85d4ebc5-25c3-408e-9f27-0da9ef1ff4a4
Unpacked files
SH256 hash:
c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e
MD5 hash:
0ca5132a4218bc3b39c08b22e4bdc0c3
SHA1 hash:
735fc9cb33e6f29552a8ce448c117e910e0c4d92
Link:
https://www.unpac.me/results/fdd49900-d0df-4b95-a928-96133c9e9e3c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Batch (bat) bat edb78feaf181bb95329db37838d7749be89dde6ef84d1cac600b650a4b346d21

Executable exe c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e

(this sample)

  
Link
https://hybrid-analysis.com/sample/c373be374ca2e92cb015dca9e571f89103be65d12e6af224c94ac033c208761e/6896acf718855dfd860742d4
  
Dropped by
SHA256 edb78feaf181bb95329db37838d7749be89dde6ef84d1cac600b650a4b346d21
  
Delivery method
Distributed via drive-by
  
Dropped by
MD5 35924ec40514d5e4faa4ea65cfe6b2c8
Cape
Cape
https://www.capesandbox.com/analysis/19819/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (GUARD_CF)high

Comments