MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 12

Intelligence 12 IOCs YARA 2 File information Comments

SHA256 hash:	e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76
SHA3-384 hash:	f7323034eebbb716137984a3672caf27062ca7f9c41887cc3f0bfba0e54a6b6aea5e28261f5f49e7b50275ed20a01e6e
SHA1 hash:	2df65e6ab96c8c65fa91d84d379f0af2977a6a3a
MD5 hash:	8523f2ff3ff13e510a9bf75665562b3b
humanhash:	yellow-wyoming-indigo-mirror
File name:	mvnac.exe
Download:	download sample
File size:	81'408 bytes
First seen:	2026-02-27 07:43:39 UTC
Last seen:	2026-02-27 08:33:10 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	2fde00c1d5d2abaae0366099ef60eb01
ssdeep	1536:jSlrqxJMwz/g5+6WUQ+NiO/CRr5zs6hOoyPix:jSlSq5+6WUz7ql5zsgOoyPix
TLSH	T1FB830803BB4B80B2F59921B118AB276B427F744557215EFBEB803F5E4C346D1ED3618A
TrID	36.5% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 14.5% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 14.4% (.EXE) Win64 Executable (generic) (6522/11/2) 11.1% (.EXE) Win16 NE executable (generic) (5038/12/1) 9.9% (.EXE) Win32 Executable (generic) (4504/4/1)
Magika	pebin
Reporter	smica83
Tags:	apt Bitter exe

Intelligence

File Origin

# of uploads :

# of downloads :

125

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

_e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76.exe

Verdict:

No threats detected

Analysis date:

2026-02-27 07:44:33 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/52460bef-a66e-4ba4-ae1d-d3c7cc9b2166

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/54829/

Detection(s):

SecuriteInfo.com.Win32.MalwareX-gen.21779414.UNOFFICIAL

Verdict:

Clean

Score:

89.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a14b52c950ab5d9ab2073c

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

adaptive-context microsoft_visual_cc unsafe wmrat

Link:

https://www.filescan.io/uploads/69a14b4dcd25bfe1dfdbb914/reports/4d6c08d9-440f-46b7-a8c3-c0ec1191604a/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76

Verdict:

Malicious

File Type:

exe x32

First seen:

2026-02-11T09:39:00Z UTC

Last seen:

2026-02-11T15:24:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Spy.Win32.Agentb.gen

Link:

https://opentip.kaspersky.com/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76/results?tab=lookup

Malware family:

WmRAT

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/ab365970-ea8c-4d4f-94f7-e8a837fad7c6

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1875801

Signature

Found evasive API chain (may stop execution after checking volume information)

Found stalling execution ending in API Sleep call

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Behaviour

Behavior Graph:

Download SVG

Score:

90%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76/

Verdict:

Malicious

Threat:

Trojan-Spy.Win32.Agentb

Link:

https://tip.neiki.dev/file/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-02-11 17:49:00 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=422shz34gg4j7dvtjciappyuwo45gs6dq4fj3fxm664z56sqnr3a._file

Verdict:

malicious

Label(s):

wmrat

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/260227-jkxm1agx2d/

Behaviour

System Location Discovery: System Language Discovery

Unpacked files

SH256 hash:

e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76

MD5 hash:

8523f2ff3ff13e510a9bf75665562b3b

SHA1 hash:

2df65e6ab96c8c65fa91d84d379f0af2977a6a3a

Link:

https://www.unpac.me/results/11b2b422-4e55-4e0d-b02e-8dbdfdd48011/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e6b523e77c31b89f8eb3489007bf14b3b9d34bc3870a9d96ecf7b99efa506c76

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	APT_IN_TA397_wmRAT Create hunting rule
Author:	Proofpoint
Description:	track wmRAT based on socket usage, odd error handling, and reused strings
Reference:	https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/54829/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample