MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87
SHA3-384 hash: 1a7f8227d8bd0ddb48df4cf6fe1be77b945f5b71454bd005817fd49ff2829f8cc8dcdff041e97cb7e26c43cc3037275b
SHA1 hash: f9864008e847e8ab60f7326477c292623b694f41
MD5 hash: 7a5e3dffa39575d876da23f538c7ecf9
humanhash: indigo-hot-foxtrot-quiet
File name:AppFile.exe
Download: download sample
File size:338'432 bytes
First seen:2025-04-10 11:25:12 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash bf95d1fc1d10de18b32654b123ad5e1f (327 x LummaStealer, 65 x Rhadamanthys, 25 x Vidar)
ssdeep 3072:jGszWOITsEL50jl7ydgKP1UFWwkkp6+vO0GWPv3fbjDXYM2v0JetF6iBHy5JZA+v:ZzZZw0x
TLSH T13674E8A34EE31C68FAAD0073ACEDC6385B5D3B5F87514A47E0F79D326A96C830B06915
TrID 47.3% (.EXE) Win32 Executable MS Visual C++ (generic) (31206/45/13)
15.9% (.EXE) Win64 Executable (generic) (10522/11/4)
9.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
7.6% (.EXE) Win16 NE executable (generic) (5038/12/1)
6.8% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 6062e2e2d0c4fc18 (2 x RiseProStealer, 1 x RedLineStealer, 1 x LummaStealer)
Reporter abuse_ch
Tags:de-pumped exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
451
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
AppFile.exe
Verdict:
No threats detected
Analysis date:
2025-04-10 12:53:24 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/d2ab052b-b381-4acd-957e-f25a987deca9

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/1586/
Verdict:
Malicious
Score:
93.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67f7b074d6e7c3effaceec26
Tags:
malware
Result
Verdict:
Clean
Maliciousness:

Behaviour
Creating a window
Verdict:
Malicious
Labled as:
Trojan.Agent.oa
Link:
https://www.hybrid-analysis.com/sample/ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b40fde23-5b80-4614-a344-06e1fef00940
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1661803
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
26%
Verdict:
Benign
File Type:
PE
Link:
https://malprob.io/report/ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zj2rm4yg7hjzequkusoqpuxdtfsqf4p4remfv35ndi33ejezx6dq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250410-njdkysznt5/
Behaviour
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/a5967dab-20d8-4175-89d7-cddd66e98097
Unpacked files
SH256 hash:
ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87
MD5 hash:
7a5e3dffa39575d876da23f538c7ecf9
SHA1 hash:
f9864008e847e8ab60f7326477c292623b694f41
Link:
https://www.unpac.me/results/a6ad170b-baa9-4d01-a1ea-216c1910cd45/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RiseProStealer

rar 0cdec19adb735aca908f217797e20640983530d126d56beb20fde22886234cf2

Executable exe ca75167306f9d392428aa49d07d2e3996502f1fc89185aefad1a37b22499bf87

(this sample)

  
Dropped by
MD5 95e77bdf04b7031650d6c6db30407cbd
  
Dropped by
SHA256 0cdec19adb735aca908f217797e20640983530d126d56beb20fde22886234cf2
Cape
Cape
https://www.capesandbox.com/analysis/1586/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_NXMissing Non-Executable Memory Protectioncritical
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh
Reviews
IDCapabilitiesEvidence
COM_BASE_APICan Download & Execute componentsole32.dll::CoCreateInstance
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteW
SHELL32.dll::SHFileOperationW
SHELL32.dll::SHGetFileInfoW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::LoadLibraryW
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::GetDiskFreeSpaceW
KERNEL32.dll::GetCommandLineW
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
KERNEL32.dll::GetWindowsDirectoryW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegQueryValueExW
ADVAPI32.dll::RegSetValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::AppendMenuW
USER32.dll::EmptyClipboard
USER32.dll::FindWindowExW
USER32.dll::OpenClipboard
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments