MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765
SHA3-384 hash: 66313058dd8cd17d5c5525c62c1539d5698d1be0ae6f5ff6fbe01be9294bfd9a23bb498bd23dae50623402aff9b5167d
SHA1 hash: 9f6b1873a5bf031768c331786fd3a83f4c668c4a
MD5 hash: 82e2e23ba05a144065969b0211783966
humanhash: robert-eight-blue-grey
File name:module_1758538390822.jar
Download: download sample
File size:29'642'401 bytes
First seen:2025-09-22 14:10:08 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 786432:LDNcvQGN5q+feL1rC8Mk4CrpPXjstm97IDEzoY:LDNc4Y55eLVC8MkDtPXWu7I4zZ
TLSH T19F570219D25F403ACA57D67928EF4BE6FF30829F8221571F23F439198CD2B890B62759
TrID 55.0% (.SPE) SPSS Extension (30000/1/7)
24.7% (.JAR) Java Archive (13500/1/2)
12.8% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
7.3% (.ZIP) ZIP compressed archive (4000/1)
Magika jar
Reporter ShadowOpCode
Tags:discord hkkus31 jar java LootRush stealer

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
IT IT
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
https://we.tl/t-W9c0bRzPXI
Verdict:
Malicious activity
Analysis date:
2025-09-22 04:07:32 UTC
Tags:
github discord stealer arch-html arch-doc qrcode nodejs generic
Link:
https://app.any.run/tasks/aeb7d207-eed6-488d-8d58-e31b0d25dd2b

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28569/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68d158e96c66b7ab69383067
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
anti-debug anti-vm lolbin macros-on-close obfuscated runonce
Link:
https://www.filescan.io/uploads/68d158f4dc1cad370d1e6ba6/reports/72482295-bfbe-4583-957d-e6415278674d/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765
Verdict:
Malicious
File Type:
jar
First seen:
2025-09-22T08:42:00Z UTC
Last seen:
2025-09-22T08:42:00Z UTC
Hits:
~10
Detections:
Trojan-PSW.Win32.Greedy.sb
Link:
https://opentip.kaspersky.com/002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765/results?tab=lookup
Score:
97%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=aaqafzp4myd6bgoopmuhyil4dzdzsyegwpt6neut6jggpmc7s5sq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion discovery execution
Link:
https://tria.ge/reports/250922-rg79bsdp5x/
Behaviour
Checks processor information in registry
Enumerates system info in registry
Kills process with taskkill
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Browser Information Discovery
Enumerates processes with tasklist
Legitimate hosting services abused for malware hosting/C2
Loads dropped DLL
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

zip 48a22412511f65753900b5d94831b132eb30f20620aa5f1abb3f64aa44b23b20

Java file jar 002002e5fc6607e099ce7b287c217c1e47996086b3e7e69293f24c67b05f9765

(this sample)

  
Link
https://github.com/hkkus31/license-20250821145041-d409
  
Dropped by
SHA256 48a22412511f65753900b5d94831b132eb30f20620aa5f1abb3f64aa44b23b20
  
Dropped by
MD5 2da19cc165b736e3955a9a4287aeefb1
Cape
Cape
https://www.capesandbox.com/analysis/28569/

Comments