MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2
SHA3-384 hash: 7ee982eb5eb308f372c98c018fae87a0f339ac36b651fc92808b70256011cac26c97fc7100e03e5bd9d3705cf39f9e00
SHA1 hash: 7632243ed1b9404710a1ab9d320859cb66618eb1
MD5 hash: 9a94580d1c592c902141d35fd15eee1e
humanhash: green-monkey-winner-wyoming
File name:scanner.exe
Download: download sample
File size:1'671'680 bytes
First seen:2025-09-01 09:27:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash f8275c5beb3304df58e6954d6c811f4c
ssdeep 24576:ffw5Yx/hUagUNdp2mE3Pc4F/OYV76TYX5RslVhJwKcFFfxew6Jxp:ffw5Yx/2agUra3Pc4F/7N6lVhJwKcv3
TLSH T1E3757C43E69681EAC06DC079875BA237FB72B84D4724A6EB6BD44B213E57F50AF0D304
TrID 63.5% (.EXE) Win64 Executable (generic) (10522/11/4)
12.2% (.EXE) OS/2 Executable (generic) (2029/13)
12.0% (.EXE) Generic Win/DOS Executable (2002/3)
12.0% (.EXE) DOS Executable Generic (2000/1)
Magika pebin
Reporter abuse_ch
Tags:exe

Intelligence

File Origin
# of uploads :
1
# of downloads :
55
Origin country :
SE SE
Vendor Threat Intelligence
Malware family:
amadey
Create hunting rule
ID:
1
File name:
crypted_tg_7391706713.exe
Verdict:
Malicious activity
Analysis date:
2025-08-31 21:07:36 UTC
Tags:
lumma stealer amadey botnet loader rdp
Link:
https://app.any.run/tasks/06ad732a-43ba-49b8-b26c-b6e6d08c85c8

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/24485/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68b56744eb163e0ec183f721
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug microsoft_visual_cc obfuscated
Link:
https://www.filescan.io/uploads/68b5677539a6221faa78751d/reports/38234b4d-99f0-4da6-8d1b-5193dcebbb78/overview
Verdict:
Suspicious
Labled as:
Malware_49.2
Link:
https://www.hybrid-analysis.com/sample/ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2
Verdict:
Malicious
File Type:
exe x64
First seen:
2025-08-31T15:55:00Z UTC
Last seen:
2025-08-31T15:55:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/3d3ede83-3902-4643-9970-6325c837e992
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
5 / 100
Link:
https://www.joesandbox.com/analysis/1768829
Behaviour
Behavior Graph:
n/a
Score:
91%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/9a94580d1c592c902141d35fd15eee1e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ypxmphbqa53o75wpj2o6uqy6oep5jdqu4iy234dree3ek7ckdja._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250901-lf232ayvex/
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/6a6e419b-a63d-4bb4-91a7-0dda4f666856
Unpacked files
SH256 hash:
ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2
MD5 hash:
9a94580d1c592c902141d35fd15eee1e
SHA1 hash:
7632243ed1b9404710a1ab9d320859cb66618eb1
Link:
https://www.unpac.me/results/47489b9d-ee65-46bf-8a6a-2edfd3da7d0c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe ee1f763ce1803bb77fb67a74ef5218f388fea470a7118d6f838909b22be250d2

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3615053/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3615059/
Cape
Cape
https://www.capesandbox.com/analysis/24485/

Comments