MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MagazineStealer

Vendor detections: 14

Intelligence 14 IOCs YARA 12 File information Comments

SHA256 hash:	fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3
SHA3-384 hash:	131d85aa6ebbd5b7dd065292c61d64d15196e90279720065fefef32edb97d56f7480ce8690dc3423d3c1035110fb526c
SHA1 hash:	00686a415324872cb042a71d59f0172bc7bb8dd6
MD5 hash:	172613a9cfd55c77df03a74ccc7c36eb
humanhash:	eight-early-idaho-item
File name:	fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3
Download:	download sample
Signature	MagazineStealer Create hunting rule
File size:	170'496 bytes
First seen:	2026-05-26 11:32:14 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	95ffeab8661021bf6587d5024110e043 (1 x MagazineStealer)
ssdeep	3072:LHJSQBaRLp7B2N7AjWEtma+tP6FUOog5q9vx:LHMnbWEtmmFUL
TLSH	T1B9F3D05792E272F8E84BC77C6496066073B4F879C315CD7A128694398C72EB86E37B06
TrID	45.5% (.EXE) Win16 NE executable (generic) (5038/12/1) 18.3% (.EXE) OS/2 Executable (generic) (2029/13) 18.0% (.EXE) Generic Win/DOS Executable (2002/3) 18.0% (.EXE) DOS Executable (generic) (2000/1)
Magika	pebin
Reporter	Threatray
Tags:	exe MagazineStealer

Intelligence

File Origin

# of uploads :

# of downloads :

128

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

_fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3.exe

Verdict:

Malicious activity

Analysis date:

2026-05-26 11:41:42 UTC

Tags:

stealer

Link:

https://app.any.run/tasks/17420fb2-eee9-4d37-9832-e98465a38041

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/67991/

Detection(s):

SecuriteInfo.com.Trojan.PWS.Stealer.44963.32304.17469.UNOFFICIAL

MiscreantPunch.SingleXOR.EXE.90.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a1584e55b1db29f5a48023e

Tags:

ransomware virus

Result

Verdict:

Malware

Maliciousness:

Behaviour

DNS request

Connection attempt

Sending a custom TCP request

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug anti-vm barys base64 crypto crypto evasive evasive fingerprint fingerprint hacktool obfuscated obfuscated packed reconnaissance stealer xor-pe zusy

Link:

https://www.filescan.io/uploads/6a1584e4099ef368af00b449/reports/7b0b9aa0-4b66-432c-b706-1413f0d52227/overview

Verdict:

Malicious

Labled as:

Trojan.Generic

Link:

https://www.hybrid-analysis.com/sample/fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3

Verdict:

Malicious

File Type:

exe x64

First seen:

2026-03-04T13:07:00Z UTC

Last seen:

2026-03-24T06:07:00Z UTC

Hits:

~100

Detections:

Trojan.Win64.Agent.sb Trojan-PSW.Win64.Coins.eqc Trojan-PSW.Win32.Coins.sb PDM:Trojan.Win32.Generic

Link:

https://opentip.kaspersky.com/fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/717178ff-3339-4b06-a672-f272a54a14fa

Score:

99%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3/

Verdict:

Malicious

Threat:

Trojan-PSW.Win32.Coins

Link:

https://tip.neiki.dev/file/fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3

Threat name:

Win64.Infostealer.Tinba

Status:

Malicious

First seen:

2026-03-04 14:46:25 UTC

File Type:

PE+ (Exe)

Extracted files:

AV detection:

21 of 36 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7mlp2nxt2vhhkmwn7kupo7rtehllb5y2uf4xirri3dkf6ubf2wzq._file

Verdict:

malicious

Label(s):

bruteratelc4

magazinestealer

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260526-nnl3wsgv8p/

Unpacked files

SH256 hash:

fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3

MD5 hash:

172613a9cfd55c77df03a74ccc7c36eb

SHA1 hash:

00686a415324872cb042a71d59f0172bc7bb8dd6

Link:

https://www.unpac.me/results/ea045bc3-93c0-4fd2-9a2d-6f6f5c7e4b55/

SH256 hash:

a85ea902fdfe222b2dcdbd3d28f05fdcae7846fb538c520afd802422d82ac6c4

MD5 hash:

259664fdd1f94d052f2fc11ce4bd4619

SHA1 hash:

a1f0771626bc623a42deddc3ba8ac688442bf4d3

Detections:

triage_cobaltstrike_reflective

Link:

https://www.unpac.me/results/ea045bc3-93c0-4fd2-9a2d-6f6f5c7e4b55/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fb16fd36f3d54e7532cdfaa8f77e3321d6b0f71aa179744628d8d45f5025d5b3

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BunnyLoader Create hunting rule
Author:	indest
Description:	generic crypto/card stealer rule

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs Create hunting rule
Author:	ditekSHen
Description:	Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.

Rule name:	INDICATOR_SUSPICIOUS_Binary_References_Browsers Create hunting rule
Author:	ditekSHen
Description:	Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Rule name:	Macos_Infostealer_Wallets_8e469ea0 Create hunting rule
Author:	Elastic Security

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	ReflectiveLoader Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:	Internal Research

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE Create hunting rule
Author:	CYFARE
Description:	Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:	https://cyfare.net/

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Link

https://x.com/ThreatrayLabs/status/2059228051351769455

Cape

https://www.capesandbox.com/analysis/67991/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample