MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd5a2e5352fddb3e46c36fe52ce460e3fbcf79a26b5421509f4a9a4a4fbd7c0e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cd5a2e5352fddb3e46c36fe52ce460e3fbcf79a26b5421509f4a9a4a4fbd7c0e
SHA3-384 hash: d6b1dc082c56f0315e5ab42dc4a1f23c60dd5e964a747cbd0b23af3ab10a4ac23dce94fdb9faccce142f6b41595ea764
SHA1 hash: 24806318708726bcb884e97bfda172e378af8ca3
MD5 hash: 7fc18a3383cc72c9b901d165a8b28771
humanhash: nuts-fillet-october-maryland
File name:QuickSuiteSetup.exe
Download: download sample
File size:82'371'830 bytes
First seen:2026-06-24 12:51:03 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 88016fcdef7f227c62171d0afad9aae4 (12 x OffLoader, 10 x ValleyRAT, 4 x Stealc)
ssdeep 1572864:iSyoUioZrM9ABcshf7MCQXuaKA+EHdggT86/TEk71ksJTVqLu:iLMias1TYKIHdggT8cpksJBqLu
TLSH T10F083377F157723CE05A8A3575B69220983FAD1199030D2A86ECF88DDF356702A3E793
TrID 50.8% (.EXE) Inno Setup installer (107240/4/30)
20.4% (.EXE) InstallShield setup (43053/19/16)
19.7% (.EXE) Win32 EXE PECompact compressed (generic) (41569/9/9)
3.0% (.EXE) Win64 Executable (generic) (6522/11/2)
2.1% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika pebin
dhash icon 5050d270cccc82ae (112 x Adware.Generic, 77 x OffLoader, 43 x LummaStealer)
Reporter smica83
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
198
Origin country :
HU HU
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/44e64b9a-6e0a-4321-a49d-622190e4e02e/
Malware family:
n/a
ID:
1
File name:
exe
Verdict:
No threats detected
Analysis date:
2026-06-24 12:56:31 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/f6a1d8cf-ab60-4207-89d2-0391f5783cc6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Clean
Score:
N/A%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a3bd2ec1548daf709f96f97
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file in the %temp% subdirectories
Creating a window
Creating a process from a recently created file
Сreating synchronization primitives
Searching for synchronization primitives
Creating a file
Launching a service
Creating a file in the %AppData% directory
DNS request
Unauthorized injection to a recently created process
Connection attempt
Sending a custom TCP request
Loading a suspicious library
Creating a file in the %AppData% subdirectories
Moving a file to the %AppData% subdirectory
Enabling autorun with the standard Software\Microsoft\Windows\CurrentVersion\Run registry branch
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context crypto embarcadero_delphi fingerprint inno installer installer installer-heuristic packed reconnaissance similar-threat
Link:
https://www.filescan.io/uploads/6a3bd2df9799578a6c49c2b0/reports/ae999741-7b60-417c-9a19-dfd221918e82/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/cd5a2e5352fddb3e46c36fe52ce460e3fbcf79a26b5421509f4a9a4a4fbd7c0e
Verdict:
Malicious
File Type:
exe x32
First seen:
2026-06-22T13:25:00Z UTC
Last seen:
2026-06-24T22:16:00Z UTC
Hits:
~100
Detections:
Trojan-Dropper.Win32.Agent.tkjexb HEUR:Trojan.Script.Agent.gen Trojan-Dropper.Win32.Injector.sb
Link:
https://opentip.kaspersky.com/cd5a2e5352fddb3e46c36fe52ce460e3fbcf79a26b5421509f4a9a4a4fbd7c0e/results?tab=lookup
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1933149
Signature
Drops large PE files
Unusual module load detection (module proxying)
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1933149 Sample: QuickSuiteSetup.exe Startdate: 24/06/2026 Architecture: WINDOWS Score: 48 46 web-telegram.ug 2->46 48 chrome.cloudflare-dns.com 2->48 8 QuickSuiteSetup.exe 2 2->8         started        11 Franz.exe 1 2->11         started        13 Franz.exe 2->13         started        process3 file4 36 C:\Users\user\AppData\...\QuickSuiteSetup.tmp, PE32 8->36 dropped 15 QuickSuiteSetup.tmp 305 8->15         started        19 Franz.exe 1 11->19         started        21 Franz.exe 1 11->21         started        23 Franz.exe 13->23         started        25 Franz.exe 13->25         started        process5 file6 38 C:\Users\user\AppData\Local\...\vulkan-1.dll, PE32+ 15->38 dropped 40 C:\Users\user\AppData\...\vk_swiftshader.dll, PE32+ 15->40 dropped 42 C:\Users\user\AppData\Local\...\libGLESv2.dll, PE32+ 15->42 dropped 44 10 other files (none is malicious) 15->44 dropped 54 Drops large PE files 15->54 27 Franz.exe 1 4 15->27         started        signatures7 process8 dnsIp9 50 web-telegram.ug 172.67.160.218, 443, 49696, 49698 CLOUDFLARENET-CloudflareIncUS Canada 27->50 56 Unusual module load detection (module proxying) 27->56 31 Franz.exe 1 27->31         started        34 Franz.exe 1 27->34         started        signatures10 process11 dnsIp12 52 chrome.cloudflare-dns.com 162.159.61.3, 443, 49699, 49701 CLOUDFLARENET-CloudflareIncUS Canada 31->52
Score:
68%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/cd5a2e5352fddb3e46c36fe52ce460e3fbcf79a26b5421509f4a9a4a4fbd7c0e
Gathering data
Verdict:
Malicious
Threat:
DangerousObject.Multi
Link:
https://tip.neiki.dev/file/cd5a2e5352fddb3e46c36fe52ce460e3fbcf79a26b5421509f4a9a4a4fbd7c0e
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zvnc4u2s7xnt4rwdn7sszzda4p5466ncnnkccue7jkneut55pqha._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery installer persistence
Link:
https://tria.ge/reports/260624-p3v5sacv6j/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Inno Setup is an open-source installation builder for Windows applications.
System Location Discovery: System Language Discovery
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments