MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60
SHA3-384 hash: 6d5fbc10d4316135386839223cc86c4d7477e5c58069eabd62c1a6cf62fcfb98cbc3f589816c66da051813d3be061d78
SHA1 hash: 942dc9fa3889ada99292f5227355e4f99687454c
MD5 hash: 925a815b94cbd192f68c51f6e156c2ec
humanhash: sad-moon-artist-glucose
File name:SecuriteInfo.com.W32.GenKryptik.HJNZ.tr.13545.6662
Download: download sample
File size:9'339'904 bytes
First seen:2025-06-26 16:19:47 UTC
Last seen:2025-06-26 17:21:39 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash bb3fe1bec5cbd486134027daae4ac310
ssdeep 196608:PncOxRh/7Nzm9E6qxhFDjccqZKpVcoEfFQfYqXwCiPMJjejSxrAhirS:kMR1J/6S3LMoq7qXzikJjt
TLSH T190963319D513C0D3E8DB2074FF6A6E8A18B22C931547D53CC9D2B73988A6F617B4E293
TrID 30.2% (.EXE) Win64 Executable (generic) (10522/11/4)
18.9% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
14.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
12.9% (.EXE) Win32 Executable (generic) (4504/4/1)
5.9% (.ICL) Windows Icons Library (generic) (2059/9)
Magika pebin
dhash icon 71ec922b2bb2cc71
Reporter SecuriteInfoCom
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
457
Origin country :
FR FR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
SecuriteInfo.com.W32.GenKryptik.HJNZ.tr.13545.6662
Verdict:
Malicious activity
Analysis date:
2025-06-26 16:22:11 UTC
Tags:
lumma stealer qrcode
Link:
https://app.any.run/tasks/1aa687fc-e10b-4b3d-a7f6-be0f7bd499f3

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/11269/
Detection(s):
SecuriteInfo.com.W32.GenKryptik.HJNZ.tr.13545.6662.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=685d7368b06783b9ebd83eb4
Tags:
n/a
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Connection attempt
Sending a custom TCP request
Using the Windows Management Instrumentation requests
Сreating synchronization primitives
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
microsoft_visual_cc packed packer_detected
Link:
https://www.filescan.io/uploads/685d735a45e80b29f89fedf1/reports/4fb251d1-50ac-468c-bdc0-b30ae93027b1/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_70%
Link:
https://www.hybrid-analysis.com/sample/e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60
Malware family:
AtlasAgent
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/62e1e55d-8ec0-4fde-95c2-7b676de64351
Score:
97%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) Win 32 Exe x86
Link:
https://app.malva.re/file/925a815b94cbd192f68c51f6e156c2ec
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-06-26 16:20:47 UTC
File Type:
PE (Exe)
Extracted files:
19
AV detection:
20 of 24 (83.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5bduz6lxrizwunpmvrknfocoszhoobdyywp4grrmbkvmskrun5qa._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery spyware stealer
Link:
https://tria.ge/reports/250626-ttfqysvzcs/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Browser Information Discovery
System Location Discovery: System Language Discovery
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Reads user/profile data of local email clients
Reads user/profile data of web browsers
Verdict:
Malicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/0e7b5a6a-0341-4ac0-88d7-c6803dca8bcc
Unpacked files
SH256 hash:
e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60
MD5 hash:
925a815b94cbd192f68c51f6e156c2ec
SHA1 hash:
942dc9fa3889ada99292f5227355e4f99687454c
Link:
https://www.unpac.me/results/8c1542ec-fcae-4026-98ba-abcfab32723f/
Malware family:
Lumma
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/e8474cf9778a/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe e8474cf9778a336a35ecac54d2b84e964ee70478c59fc3462c0aaac92a346f60

(this sample)

Cape
Cape
https://www.capesandbox.com/analysis/11269/
  
URLhaus
https://urlhaus.abuse.ch/url/3570255/
  
Delivery method
Distributed via web download

Comments