MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eda6f2c372106d6b754ee7a40ef51952c16a324133d54bb235a11195fc82b69d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: eda6f2c372106d6b754ee7a40ef51952c16a324133d54bb235a11195fc82b69d
SHA3-384 hash: 77ffc0907012b590ed50158c7b6f5c3ab89c3af6b07b0c61cdbd6ab778f953b3fa17fe952d3afcf3b5ff446cfe99fb9b
SHA1 hash: 4d87e4808211ff9c32c8d967ea268bdf79ff2283
MD5 hash: 30537cb3508d82eb5936d2d9bd0ccbcd
humanhash: california-six-sink-finch
File name: Deepp Sleep.msi
File size: 29'339'648 bytes
First seen: 2026-03-18 21:14:45 UTC
Last seen: Never
File type: Microsoft Software Installer (MSI) msi
MIME type: application/x-msi
ssdeep: 786432:iVPFbnttPdnZKPg4k4/Nf0fS8PfCo4IMPm2m3TNc7wV:4NLDPdag0NfYzHuPUmsV
TLSH: T10B57334AD8A54E47E83BE43288E46C6E0971FC458F82581BA55A739B99FF7F4163C00E
TrID: 86.8% (.MSI) Microsoft Windows Installer (454500/1/170)
11.6% (.MST) Windows SDK Setup Transform script (61000/1/5)
1.5% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika: msi
Reporter: lfr
Tags: msi signed

Code Signing Certificate

Organisation: JetBrains s.r.o.
Issuer: JetBrains s.r.o.
Algorithm: sha256WithRSAEncryption
Valid from: 2026-03-18T18:52:27Z
Valid to: 2029-03-18T19:02:27Z
Serial number: 1e02029def08668a4ed46a12dbee2c5a
Thumbprint Algorithm: SHA256
Thumbprint: f0a49ca827f9ed8bfc7d29e563e13a8fd563b7e90c766dff792b9676e0f66826
Source: This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


lfr
https://tymisvik2.itch.io/deepp-sleep

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: FR
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-debug base64 CAB crypto expand fingerprint installer installer lolbin signed

Verdict: Malicious
File Type: msi
Detections: Trojan-Dropper.OLE2.Agent.sb

Verdict: Malicious
Threat: Trojan-Dropper.OLE2.Agent

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping a malware through base63 encoded powershell script.

Rule name: telebot_framework
Author: vietdx.mb

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Microsoft Software Installer (MSI) msi eda6f2c372106d6b754ee7a40ef51952c16a324133d54bb235a11195fc82b69d (this sample)

Delivery method: Distributed via web download
