MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 4 File information Comments

SHA256 hash:	fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf
SHA3-384 hash:	f003056c9a21938d75044fbfc66cc8bfab15985e26c67e63d9015fb8182862bd9a51570111abf3719588b54b14be2c74
SHA1 hash:	96da7dcf18507c3a56ba979b8e70eb4a90e179a8
MD5 hash:	fe0cd1d5a4be7226ca6c9af0963316c3
humanhash:	blossom-whiskey-papa-skylark
File name:	file
Download:	download sample
File size:	204'800 bytes
First seen:	2025-09-05 04:16:16 UTC
Last seen:	2025-09-19 04:16:22 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	8709fa235e2cbd95b1f0ca9107295b06
ssdeep	3072:VNpY2GZV6nM9x514s1uTXUW/Ba+rDMNZfPqNBC+kk3+kasXWr:VLY2GuM/51N4TTjANZaii+kF
TLSH	T14B144B4A77A450F4D0679239C9A69A86F7B2785A077057CF036443BD9F336E09E3E322
TrID	44.4% (.EXE) Win64 Executable (generic) (10522/11/4) 21.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 8.7% (.ICL) Windows Icons Library (generic) (2059/9) 8.5% (.EXE) OS/2 Executable (generic) (2029/13) 8.4% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	Bitsight
Tags:	dropped-by-amadey exe

Bitsight

url: http://178.16.53.7/6.exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

asyncrat

ID:

File name:

Synaptics.exe

Verdict:

Malicious activity

Analysis date:

2025-09-04 23:34:17 UTC

Tags:

xred backdoor github loader hausbomber telegram lumma stealer ransomware cryptolocker delphi auto asyncrat masslogger rat python evasion anti-evasion discord purecrypter rhadamanthys generic lokibot purelogs trojan modiloader dyndns quasar snake keylogger remote neshta njrat bladabindi stealc troldesh shade pastebin vipkeylogger noescape wiper redline xmrig sparkrat donutloader amadey botnet tinynuke ssh screenconnect rmm-tool rdp m0yv blankgrabber ultravnc seetrol jeefo anydesk vidar phishing meterpreter agenttesla xworm exfiltration smtp smb adware babadeda websocket banker grandoreiro auto-sch-xml metasploit stormkitty possible-phishing azorult miner bruteratel salatstealer coinminer cobaltstrike tool whitesnakestealer

Link:

https://app.any.run/tasks/33ea0549-fe75-412e-91ef-4284e4c909bd

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/25141/

Verdict:

Malicious

Score:

91.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68ba64393e988eb6ab83b879

Tags:

ransomware injection

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Sending a custom TCP request

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

exploit fingerprint microsoft_visual_cc obfuscated

Link:

https://www.filescan.io/uploads/68ba646afe1969faa8a69c66/reports/385b2533-b154-4142-8382-eddeac7bed4d/overview

Verdict:

Suspicious

Labled as:

App/RefLoad

Link:

https://www.hybrid-analysis.com/sample/fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf

Verdict:

Malicious

File Type:

exe x64

First seen:

2025-09-05T02:27:00Z UTC

Last seen:

2025-09-05T02:27:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf/results?tab=lookup

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/980e6270-8c91-452d-a518-1cc34ffe8599

Score:

72%

Verdict:

Malware

File Type:

Link:

https://malprob.io/report/fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

Executable PE (Portable Executable) PE File Layout Win 64 Exe x64

Link:

https://app.malva.re/file/fe0cd1d5a4be7226ca6c9af0963316c3

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf/

Threat name:

Win64.Trojan.Kepavll

Status:

Malicious

First seen:

2025-09-05 04:18:31 UTC

File Type:

PE+ (Exe)

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=73nvkugake5jyawbgt5tnpscgue2twe4c7nmmrb45cdf6hm7rlhq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250905-ewse7ssjy5/

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/83f81b49-1216-49b2-bbc6-1878f568ec08

Unpacked files

SH256 hash:

fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf

MD5 hash:

fe0cd1d5a4be7226ca6c9af0963316c3

SHA1 hash:

96da7dcf18507c3a56ba979b8e70eb4a90e179a8

Link:

https://www.unpac.me/results/223f63c2-ba32-4e46-8bac-e10937befb61/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_SUSPICIOUS_ReflectiveLoader Create hunting rule
Author:	ditekSHen
Description:	Detects Reflective DLL injection artifacts

Rule name:	ReflectiveLoader Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe fedb5550c0513a9c02c134fb36be423509a9d89c17dac6443ce8865f1d9f8acf

(this sample)

Dropped by

Amadey

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3617562/

Cape

https://www.capesandbox.com/analysis/25141/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample