MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815
SHA3-384 hash: 02f4a6d7f6097b3b25a1a5e48c9785663060c602538903b049aff01dd564ed2a37153fdf80bef3597bb47322eb65d76b
SHA1 hash: 3560f9fa673ba402c5182f91528bee75b8099164
MD5 hash: a3aba9e9c7433ad6011ded36cbf3e8e7
humanhash: lithium-minnesota-virginia-sweet
File name:file
Download: download sample
File size:92'171'776 bytes
First seen:2025-12-14 15:33:26 UTC
Last seen:2025-12-15 06:23:48 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 9bf3f5698d1c8e5d8bbe8d194ac5d544
ssdeep 786432:YpNzhI+nsVt6mHaIvAN6v+s4pgPVlcmg:YDNI+nsPcN6v+A
TLSH T134187D13B3A704D5E8F7DA7496E65223A932BC062F3085DF324C47261F73AE05A76B61
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543


Avatar
Bitsight
url: http://193.233.126.177/bigdir/files/cherry121.exe

Intelligence

File Origin
# of uploads :
5
# of downloads :
2'080
Origin country :
US US
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/57193d37-d25c-431c-97e7-eced732bb5f5/
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Suspicious activity
Analysis date:
2025-12-14 15:35:51 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/36fed3ac-7299-49cd-a367-dd6031b18ae0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=693ed90b039c1dfc73392cfc
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug crypto fingerprint microsoft_visual_cc
Link:
https://www.filescan.io/uploads/693ed8f71eac7b9b76a9ac53/reports/243ecb0b-2f84-4779-a8d5-89c2a4aa6f40/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-12-14T12:47:00Z UTC
Last seen:
2025-12-15T12:13:00Z UTC
Hits:
~1000
Detections:
Trojan.Win32.Inject.aqvkp Trojan.Win32.Inject.sb RiskTool.BitCoinMiner.TCP.C&C
Link:
https://opentip.kaspersky.com/c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815/results?tab=lookup
Score:
81%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815
Gathering data
Verdict:
Clean
Link:
https://tip.neiki.dev/file/c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-13 23:20:58 UTC
File Type:
PE+ (Exe)
Extracted files:
11
AV detection:
11 of 38 (28.95%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zg7tisnxgdocxr5jrcqa32yuh5ml7ke2yhfz5mms6tk6beqlbakq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/251214-szwhxswmcq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates processes with tasklist
Checks computer location settings
Command and Scripting Interpreter: PowerShell
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/bd752c06-6e51-4c56-876d-e66cc6de4e44
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe c9bf3449b730dc2bc7a988a00deb143f58bfa89ac1cb9eb192f4d5e0920b0815

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3733580/

Comments