MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b
SHA3-384 hash: 8d264383b18a65925cdec8528f2c9975ebe28504ee9e8919b1f7af687949867203fcf2f96bdf9aef100c34a18d4d019b
SHA1 hash: cd52ba2914baf651dc5a1a14ad1197a3634e87ed
MD5 hash: 5f2c032735a76f9d5fcb6b49cd4ea20b
humanhash: queen-sierra-batman-muppet
File name:file
Download: download sample
File size:2'889'816 bytes
First seen:2026-01-22 14:36:31 UTC
Last seen:2026-01-22 15:24:11 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash abb41f0bde41d590f928e806aac765ae
ssdeep 49152:lqGKJNVwfWiXFn31Mdu9VGNsb+PGQkbP2M0ECgapC:6VwfDnlMGVrqP1AAbgao
TLSH T1E7D5E0262A6F73E3F59992F1C0A074563FB8FDB54AA200F572E8457F4C215E02F2E526
TrID 44.4% (.EXE) Win64 Executable (generic) (10522/11/4)
21.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
8.7% (.ICL) Windows Icons Library (generic) (2059/9)
8.5% (.EXE) OS/2 Executable (generic) (2029/13)
8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika pebin
Reporter Bitsight
Tags:dropped-by-amadey exe fbf543 signed

Code Signing Certificate

Organisation:AdaptiveLogic_Integrated
Issuer:AdaptiveLogic_Integrated
Algorithm:sha256WithRSAEncryption
Valid from:2026-01-21T14:23:53Z
Valid to:2028-01-22T14:23:53Z
Serial number: c7f5090606aa9e4a
Thumbprint Algorithm:SHA256
Thumbprint: fd0bb267e98f4d3eba50ba5d3bbbd7386f061d247a7b5b3cf60618e931d398f1
Source:This information was brought to you by ReversingLabs A1000 Malware Analysis Platform


Avatar
Bitsight
url: http://130.12.180.43/files/8428202012/5w6TCr8.exe

Intelligence

File Origin
# of uploads :
11
# of downloads :
95
Origin country :
US US
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
file
Verdict:
Malicious activity
Analysis date:
2026-01-22 14:39:27 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/321d92d8-7da4-4573-81c4-15c707162594

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/49738/
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6972360ebcad3327ec07a4f6
Tags:
injection obfusc crypt
Verdict:
Suspicious
Labled as:
Win64/GenKryptik.HNYE trojan
Link:
https://www.hybrid-analysis.com/sample/f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b
Result
Gathering data
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/dc7eea8f-3115-4926-9c7e-e2cdd7b528ba
Score:
85%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Win 64 Exe x64
Link:
https://app.malva.re/file/5f2c032735a76f9d5fcb6b49cd4ea20b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=64ol7niiudrb2yyewlmd277fn7mmnmt724qofvczqsjd4f2efsnq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
spyware stealer
Link:
https://tria.ge/reports/260122-ry4x8sdt5e/
Behaviour
Accesses cryptocurrency files/wallets, possible credential harvesting
Reads user/profile data of web browsers
Unpacked files
SH256 hash:
f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b
MD5 hash:
5f2c032735a76f9d5fcb6b49cd4ea20b
SHA1 hash:
cd52ba2914baf651dc5a1a14ad1197a3634e87ed
Link:
https://www.unpac.me/results/635fa9dc-3f6c-45d9-b4be-392bc2785458/
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/f71cbfb508a0/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Executable exe f71cbfb508a0e21d6304b2d83d7fe56fd8c6b27fd720e2d45984923e17442c9b

(this sample)

  
Dropped by
Amadey
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3762013/
Cape
Cape
https://www.capesandbox.com/analysis/49738/

Comments