MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fd6852974f164ae91387b6c78e77fc4d3c7b2dd2ea0b31a2d8a62273481f2753. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	fd6852974f164ae91387b6c78e77fc4d3c7b2dd2ea0b31a2d8a62273481f2753
SHA3-384 hash:	ee15a218409d142b3c63f34ec69034ef64d2b14036e43207f588e666de5d16420078dd346aadf99e49ebb5882453c8b4
SHA1 hash:	bf3e7b98fbe0618805ca1d1ea20572aea7a488ae
MD5 hash:	e40bbf93ae98947840a5c15d34048871
humanhash:	oxygen-pasta-skylark-aspen
File name:	SecuriteInfo.com.Win64.Malware-gen.37413156
Download:	download sample
File size:	78'500'250 bytes
First seen:	2025-10-11 07:18:25 UTC
Last seen:	2025-11-07 12:53:32 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	4b1892ce4fbcfcf064c6f69d693fc6a5 (10 x Rhadamanthys, 4 x AgentTesla, 3 x QuasarRAT)
ssdeep	786432:yBuLltkbwWROUNl6SHwMGexYdPX6HLobvw:yBWkfyMGexY0ELw
TLSH	T15908AE25E7D40615D1FEC278C2668352DAF0B4C25317D2CF1474EA992FA3BC15A3B2AE
TrID	63.5% (.EXE) Win64 Executable (generic) (10522/11/4) 12.2% (.EXE) OS/2 Executable (generic) (2029/13) 12.0% (.EXE) Generic Win/DOS Executable (2002/3) 12.0% (.EXE) DOS Executable Generic (2000/1)
Magika	pebin
dhash icon	f0b2544d4c70968e
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SecuriteInfo.com.Win64.Malware-gen.37413156

Verdict:

Malicious activity

Analysis date:

2025-10-11 07:42:42 UTC

Tags:

anti-evasion python stealer miner winring0-sys vuln-driver xor-url generic themida upx

Link:

https://app.any.run/tasks/877c72a6-8286-4582-b92a-81d33327a73a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68ea04e4f2ca2f143e414059

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connecting to a non-recommended domain

Sending an HTTP GET request

Creating a file in the %temp% subdirectories

Sending a custom TCP request

Moving a file to the %temp% subdirectory

Creating a process from a recently created file

Creating a process with a hidden window

Moving a recently created file

Launching a process

Сreating synchronization primitives

Creating a file

Creating a window

Using the Windows Management Instrumentation requests

Running batch commands

Forced shutdown of a system process

Unauthorized injection to a system process

Adding an exclusion to Microsoft Defender

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

agenttesla anti-debug anti-vm base64 expired-cert fingerprint microsoft_visual_cc net njrat njrat overlay overlay rat reconnaissance

Link:

https://www.filescan.io/uploads/68ea04f54f3013c55e4a453f/reports/ba005201-4926-426d-af96-2edb5486bd75/overview

Verdict:

Suspicious

Labled as:

TR/AVI.PWS.Agent

Link:

https://www.hybrid-analysis.com/sample/fd6852974f164ae91387b6c78e77fc4d3c7b2dd2ea0b31a2d8a62273481f2753

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-10-11T02:47:00Z UTC

Last seen:

2025-10-12T05:36:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/fd6852974f164ae91387b6c78e77fc4d3c7b2dd2ea0b31a2d8a62273481f2753/results?tab=lookup

Score:

60%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/fd6852974f164ae91387b6c78e77fc4d3c7b2dd2ea0b31a2d8a62273481f2753

Gathering data

Threat name:

Win64.Trojan.Kepavll

Status:

Malicious

First seen:

2025-10-11 01:35:03 UTC

File Type:

PE+ (Exe)

Extracted files:

373

AV detection:

14 of 24 (58.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7vufff2pczfose4hw3dy4574ju6hwlos5iftdiwyuyrhgsa7e5jq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251011-h5lwkadq5x/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Verdict:

Suspicious

Tags:

red_team_tool

YARA:

INDICATOR_TOOL_WEDGECUT

Link:

https://app.threat.zone/submission/62ddfde8-16e1-46b0-b461-be3f6afc57be

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe fd6852974f164ae91387b6c78e77fc4d3c7b2dd2ea0b31a2d8a62273481f2753

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3668095/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample