MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6235b7e678edf5c227b84d9a2c955cdeefb17bfc35a4567fea1efbb059772f7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: e6235b7e678edf5c227b84d9a2c955cdeefb17bfc35a4567fea1efbb059772f7
SHA3-384 hash: 67046bcd48f0c5f976ffb6a6832e1a74768d004ed5671213ba48fc5fcc20d84b4539fc9c06b04f94764932df1727320c
SHA1 hash: af22c780a6bcc1e89fbc9a41a2489fdba1f341f7
MD5 hash: b9a9c9d438bc6ca2fc272de4f878b8da
humanhash: mike-winter-apart-burger
File name: file
File size: 27'568'128 bytes
First seen: 2026-04-01 10:13:14 UTC
Last seen: 2026-04-02 01:07:42 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: 9b760feffec4fca9c313889f9a05ee36 (1 x CobaltStrike)
ssdeep: 393216:2CAbzc1qF57v/cLmkg9xytpnL5yPaf+H45Lb0d5LPaFciZquET+8e8LPUS:xMz/2XLLfF5Lb0dcST/5LP
TLSH: T12D57235BA5E291D4CB830B405ACB11DD53D1B19EC9ED522D2ACF5803B431FAB8B89E73
TrID: 25.4% (.ICL) Windows Icons Library (generic) (2059/9)
      25.0% (.EXE) OS/2 Executable (generic) (2029/13)
      24.7% (.EXE) Generic Win/DOS Executable (2002/3)
      24.7% (.EXE) DOS Executable (generic) (2000/1)
Magika: pebin
dhash icon: 6563bbd756505189 (2 x Rhadamanthys, 2 x QuasarRAT, 2 x RustyStealer)
Reporter: Bitsight
Tags: c dropped-by-gcleaner exe MIX4.file


Bitsight
url: http://158.94.209.95/service

Intelligence


File Origin
# of uploads: 15
# of downloads: 108
Origin country: US
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: file
Verdict: No threats detected
Analysis date: 2026-04-01 10:15:10 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Clean
Maliciousness:

Behaviour
Launching the default Windows debugger (dwwin.exe)
Sending a custom TCP request

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: lolbin packed xwizard
Result
Verdict: inconclusive
YARA: 4 match(es)
Tags: Executable PE (Portable Executable) PE File Layout Win 64 Exe x64
Result
Malware family: n/a
Score: 5/10
Tags: n/a

Behaviour
Suspicious use of NtSetInformationThreadHideFromDebugger
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e6235b7e678edf5c227b84d9a2c955cdeefb17bfc35a4567fea1efbb059772f7 (this sample)

Dropped by: Gcleaner
Delivery method: Distributed via web download

Comments