MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 13

Intelligence 13 IOCs YARA 7 File information Comments

SHA256 hash:	c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea
SHA3-384 hash:	0677945e762fd25d138c2e906f14876f9acf55388ecb7d37b4f763fc21db1353fe265fdaeec84baf267b85417ea0eb2f
SHA1 hash:	9a9e2b3be85c5eb13faaef9d42124c85a9d42579
MD5 hash:	213af9fe5a10b7e106d2207ef3c5425d
humanhash:	lemon-muppet-aspen-mexico
File name:	SecuriteInfo.com.Win64.MalwareX-gen.21165483
Download:	download sample
File size:	32'256 bytes
First seen:	2025-12-21 10:32:56 UTC
Last seen:	2025-12-21 11:20:00 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2530a16bbdceacdf239a430ffb41c4bb
ssdeep	768:M7iBoVbHhCja6dAH3GV6znFSmO/Vp+PQOs3N:M2B4tHTGV6bF+NQPHwN
TLSH	T1E6E2E01353F8266AFAF962743147A3642F30F81C5B6617C3B312226E2C95041CFBD799
TrID	63.5% (.EXE) UPX compressed Win64 Executable (70117/5/12) 24.5% (.EXE) UPX compressed Win32 Executable (27066/9/6) 4.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 1.8% (.ICL) Windows Icons Library (generic) (2059/9) 1.8% (.EXE) OS/2 Executable (generic) (2029/13)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe UPX

UPX packed

This file is packed with UPX. We have therefore unpacked the file. Below is furhter information about the unpacked (de-compressed) file.

File size (compressed) :	32'256 bytes
File size (de-compressed) :	67'584 bytes
Format:	win64/pe
Unpacked file:	fd9145bc43e7fb92d17da36a5940210057d2dd8f7ddf1cc4d2448dce97177522

Intelligence

File Origin

# of uploads :

# of downloads :

114

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

PEPacker

Details

PEPacker

a UPX version number and an unpacked binary

Link:

https://research.acce.ciphertechsolutions.com/results/4eb4857a-6e3b-40d5-bc63-0fe70be762c6/

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win64.MalwareX-gen.21165483

Verdict:

Suspicious activity

Analysis date:

2025-12-21 10:33:46 UTC

Tags:

auto-startup upx

Link:

https://app.any.run/tasks/4d24a9da-df36-4b7d-8eba-9e36e772cd38

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45643/

Detection(s):

SecuriteInfo.com.Win64.MalwareX-gen.21165483.UNOFFICIAL

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6947cceba6c88bb4cc232e7b

Tags:

backdoor autorun flooder virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

Сreating synchronization primitives

DNS request

Connection attempt

Sending a custom TCP request

Enabling autorun by creating a file

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug barys crypto fake packed packed packed packed unsafe upx

Link:

https://www.filescan.io/uploads/6947cce93f8fdbf8e94d7d65/reports/5aed56f7-bd5e-40da-88c6-6bba2890dc18/overview

Verdict:

Malicious

Labled as:

Dacic.6942.Generic

Link:

https://www.hybrid-analysis.com/sample/c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-12-20T11:10:00Z UTC

Last seen:

2025-12-22T09:52:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea/results?tab=lookup

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/9a9158c8-3473-436f-8d01-43fdb30d0090

Score:

81%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/213af9fe5a10b7e106d2207ef3c5425d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea/

Threat name:

Win64.Trojan.Dacic

Status:

Malicious

First seen:

2025-12-21 10:24:00 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

21 of 36 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=ysfew4myfokslqt43igw6foqk24chctkd2o76c5nfo6iqbh7fpva._file

Result

Malware family:

n/a

Score:

7/10

Tags:

upx

Link:

https://tria.ge/reports/251223-ldqbfs1qdv/

Behaviour

UPX packed file

Drops startup file

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/9e267d00-e93f-437d-8104-cd9bc8cbeec9

Unpacked files

SH256 hash:

c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea

MD5 hash:

213af9fe5a10b7e106d2207ef3c5425d

SHA1 hash:

9a9e2b3be85c5eb13faaef9d42124c85a9d42579

Link:

https://www.unpac.me/results/97df8c0b-e048-41df-aed7-4bae21306889/

SH256 hash:

fd9145bc43e7fb92d17da36a5940210057d2dd8f7ddf1cc4d2448dce97177522

MD5 hash:

7337b1d9fb55350eea6bde0641f36ce4

SHA1 hash:

13295f4fce768b333687ba55a6afc757c4213cfd

Link:

https://www.unpac.me/results/97df8c0b-e048-41df-aed7-4bae21306889/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.89

Link:

https://yomi.yoroi.company/submissions/c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__RemoteAPI Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Disable_Defender Create hunting rule
Author:	iam-py-test
Description:	Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe c48a4b71982b9525c27cda0d6f15d056b8238a6a1e9dff0bad2bbc8804ff2bea

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3738811/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/45643/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample