MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 4 File information Comments

SHA256 hash:	e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f
SHA3-384 hash:	9fd7bfefe89ff45f9fd994d6c12da385046447814e2428be9119a6f87e607c75091c7b795b0f609bafbbc339337e8141
SHA1 hash:	e25311201552613e1a33554a3df5b61519082bcf
MD5 hash:	263ebaf24aec7b8201dd6c5603395266
humanhash:	spaghetti-speaker-lima-kentucky
File name:	Quote 240145.exe
Download:	download sample
File size:	1'232'384 bytes
First seen:	2026-04-28 21:25:07 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f34d5f2d4577ed6d9ceec516c1f5a744 (48'878 x AgentTesla, 19'800 x Formbook, 12'305 x SnakeKeylogger)
ssdeep	24576:QpTZ/iC9rct46en6pJKv4cjq/tZ3i6t1:An6gmZ3N
TLSH	T120451261FF09C591C04D0AF6CFFAE17442B24DE66501C223A6E9FDAF7DB8B8164385A4
TrID	73.9% (.EXE) Generic CIL Executable (.NET, Mono, etc.) (73123/4/13) 6.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 6.6% (.EXE) Win64 Executable (generic) (6522/11/2) 4.5% (.EXE) Win32 Executable (generic) (4504/4/1) 2.0% (.ICL) Windows Icons Library (generic) (2059/9)
Magika	pebin
dhash icon	5c1c78c9e072f1d8 (9 x Formbook, 3 x RedLineStealer, 2 x AgentTesla)
Reporter	jahlives
Tags:	exe exe-in-archive spamtrap

Intelligence

File Origin

# of uploads :

# of downloads :

145

Origin country :

Vendor Threat Intelligence

Malware configuration found for:

RoboSki

Details

Link:

https://research.acce.ciphertechsolutions.com/results/22fabbd5-9105-4c43-ad0c-824e82481a0a/

Malware family:

n/a

ID:

File name:

exe

Verdict:

No threats detected

Analysis date:

2026-04-28 21:25:57 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/1363d9d9-e0e3-459e-a61f-ff7ba046f687

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/63937/

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Searching for synchronization primitives

Launching the default Windows debugger (dwwin.exe)

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated packed soft-404 vbnet

Link:

https://www.filescan.io/uploads/69f125e081aa9ec3bc303c50/reports/6a919b04-0129-4fb2-9854-dab693dee14c/overview

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-04-28T13:38:00Z UTC

Last seen:

2026-04-29T06:55:00Z UTC

Hits:

~100

Detections:

VHO:Trojan.MSIL.Exnet.gen UDS:DangerousObject.Multi.Generic

Link:

https://opentip.kaspersky.com/e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f/results?tab=lookup

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/d8e5d1bc-bb6b-4d9c-ac7d-e51dd3102ce1

Score:

100%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f/

Verdict:

Malicious

Threat:

VHO:Trojan.MSIL.Exnet

Link:

https://tip.neiki.dev/file/e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f

Threat name:

ByteCode-MSIL.Trojan.RedlineStealer

Status:

Malicious

First seen:

2026-04-28 20:43:22 UTC

File Type:

PE (.Net Exe)

Extracted files:

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4twir4tgdtebb7t35v2k36qosrfzmotlbyvpukztfw65baycvuxq._file

Result

Malware family:

n/a

Score:

5/10

Tags:

discovery

Link:

https://tria.ge/reports/260428-z91zqaav3q/

Behaviour

Program crash

System Location Discovery: System Language Discovery

SmartAssembly .NET packer

Unpacked files

SH256 hash:

e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f

MD5 hash:

263ebaf24aec7b8201dd6c5603395266

SHA1 hash:

e25311201552613e1a33554a3df5b61519082bcf

Link:

https://www.unpac.me/results/e0a1fe15-ea47-4472-917d-699f9b02e8ee/

SH256 hash:

bb3d24d570246fb54547b0d454490b1e026107622834a38d1f4dec21cafde9da

MD5 hash:

0037d5c7c53b634805bc44f1992201e8

SHA1 hash:

04755854d1d5f286fdc4907768d99bc28e95f3f8

Link:

https://www.unpac.me/results/e0a1fe15-ea47-4472-917d-699f9b02e8ee/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e4ec88f2661cc810fe7bed74adfa0e944b963a6b0e2afa2b332dbdd08302ad2f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETexecutableMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_imphash Create hunting rule

Rule name:	Skystars_Malware_Imphash Create hunting rule
Author:	Skystars LightDefender
Description:	imphash

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/63937/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample