MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 10 File information Comments

SHA256 hash:	fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33
SHA3-384 hash:	1f090fe27411155cb4ee4f25c52be848bbb535bcb17ae817fe7329058dd935149d913506409c9b346d36d3b7858f26c2
SHA1 hash:	f1e6d04e2bd3a5edff6af50137a922f7bfb97833
MD5 hash:	c2bde35c4e4b5bc34674f51dee2e2e32
humanhash:	sixteen-spring-white-jupiter
File name:	SecuriteInfo.com.Gen.Variant.Fragtor.894310.21518.10838
Download:	download sample
File size:	5'808'576 bytes
First seen:	2025-08-26 00:28:19 UTC
Last seen:	2025-08-26 01:16:30 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	c7e1e07c45dcc3152be6002d0e9be64a
ssdeep	98304:aFkn6R/9tpgruNeW0VHhi/waOMULeySnMQTAfVbwotpgruNeW0VHhL3S5VicLaj4:arGruNeW0DWTXUyyS9TAdbw+GruNeW0G
TLSH	T1AB461226B7F481B5E4BB663489A64261EB7ABC601A30C74F13D045AE1F737D0AE35723
TrID	40.3% (.EXE) Win64 Executable (generic) (10522/11/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4504/4/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3)
Magika	pebin
Reporter	SecuriteInfoCom
Tags:	exe

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Malware family:

amadey

ID:

File name:

random.exe

Verdict:

Malicious activity

Analysis date:

2025-08-25 19:41:23 UTC

Tags:

lumma stealer amadey auto redline botnet telegram vidar themida stealc arch-exec rdp gcleaner loader autoit auto-sch purecrypter evasion

Link:

https://app.any.run/tasks/848f0143-95dd-4168-9980-c8aae255f37a

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/23520/

Verdict:

Clean

Score:

89.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68acffc03e988eb6ab82b9a2

Tags:

n/a

Result

Verdict:

Clean

Maliciousness:

Behaviour

Сreating synchronization primitives

Verdict:

Malicious

Labled as:

Win/malicious_confidence_100%

Link:

https://www.hybrid-analysis.com/sample/fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33

Verdict:

Malicious

File Type:

exe x32

First seen:

2025-08-25T13:47:00Z UTC

Last seen:

2025-08-25T13:47:00Z UTC

Hits:

~10

Detections:

UDS:DangerousObject.Multi.Generic

Link:

https://opentip.kaspersky.com/fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33/results?tab=lookup

Malware family:

Sysinternals

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/2241c584-8e84-41f8-ba76-4d35a510ddb1

Score:

34%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33

Verdict:

inconclusive

YARA:

4 match(es)

Tags:

.Net Executable Managed .NET PDB Path PE (Portable Executable) PE File Layout SOS: 0.19 SOS: 0.21 SOS: 0.23 SOS: 0.26 SOS: 0.27 SOS: 0.29 Win 32 Exe x86

Link:

https://app.malva.re/file/c2bde35c4e4b5bc34674f51dee2e2e32

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2025-08-25 14:22:17 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

9 of 24 (37.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=73sva2khqmuaofg53ib64k56xe6y5j3j7n6tio2rfjd7wmahvuzq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250826-ass54stnv2/

Behaviour

System Location Discovery: System Language Discovery

Verdict:

Suspicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/74901cac-f2a5-49e9-b17e-9c5c9517c4e1

Unpacked files

SH256 hash:

fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33

MD5 hash:

c2bde35c4e4b5bc34674f51dee2e2e32

SHA1 hash:

f1e6d04e2bd3a5edff6af50137a922f7bfb97833

Link:

https://www.unpac.me/results/22192d48-ddcd-4d3e-9a05-5619afbb0ab1/

SH256 hash:

0b3731c524e6ba716f15087d85eae7e6225b6b51d4ae2fa6c142ff1523f57046

MD5 hash:

8f28087d8d0e716368314c2f1a159280

SHA1 hash:

7e383ae0f632c02ef98168b6c1a33fd449d6c393

Link:

https://www.unpac.me/results/22192d48-ddcd-4d3e-9a05-5619afbb0ab1/

SH256 hash:

b413e85a09b1a4c43957e745cf4c899c57c828c5c2c37a9869bd0bb995b7c403

MD5 hash:

d89440c6adc8455284f75ad9bbb483bb

SHA1 hash:

f62217875ac1b2542fa3e7d67317aef37e4d8ac6

Link:

https://www.unpac.me/results/22192d48-ddcd-4d3e-9a05-5619afbb0ab1/

SH256 hash:

b7cf6f6cfc98291e911b4d4f3e0e560e6ebf3cb9be664bd2b5d6c05fcce04738

MD5 hash:

e45b7f61cc97ef54878a4e9c3dc16c48

SHA1 hash:

e40e624c43c5717bd77cd5efdf98b2fe630c13c7

Link:

https://www.unpac.me/results/22192d48-ddcd-4d3e-9a05-5619afbb0ab1/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_AllMal_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DebuggerCheck__QueryInfo Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	maldoc_find_kernel32_base_method_1 Create hunting rule
Author:	Didier Stevens (https://DidierStevens.com)

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	ThreadControl__Context Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe fee550694783280714ddda03ee2bbeb93d8ea769fb7d343b512a47fb3007ad33

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3611336/

Delivery method

Distributed via web download

Cape

https://www.capesandbox.com/analysis/23520/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample