MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00b8a0d0424fc9638473f5c4720b4a0ba6504abdd960f281949d02a20381e6a5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ConnectWise

Vendor detections: 6

SHA256 hash: 00b8a0d0424fc9638473f5c4720b4a0ba6504abdd960f281949d02a20381e6a5
SHA3-384 hash: 07e6551a862c8ac9ace3707a1dc1aecb60860904b5bb619093be070660bf48e756ae6ac1a17fbc73ee4f765c4a6db330
SHA1 hash: f1ce5b14aa0dc7e618758c2429d5806816fb85e7
MD5 hash: 8199e500c966e51769cb8e7bf8d240ea
humanhash: kansas-zebra-snake-item
File name: 00b8a0d0424fc9638473f5c4720b4a0ba6504abdd960f281949d02a20381e6a5.zip
Signature: ConnectWise
File size: 23'537'044 bytes
First seen: 2025-12-30 10:20:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 393216:Rcv5o7V5ka275XcsRmUQlGjqxqvGhKrQKuxGqwYaKcv5o7V5ka275XcsRmUQlGjc:Rcv5ckJ1rmNqqpKb0wHKcv5ckJ1rmNqc
TLSH: T1C837330C96AC740AF1B679AF89382FF15C8B34538C5265946D4E33D82EC0DE37FA651A
TrID: 66.6% (.XPI) Mozilla Firefox browser extension (8000/1/1)
      33.3% (.ZIP) ZIP compressed archive (4000/1)
Magika: xpi
Reporter: JAMESWT_WT
Tags: ConnectWise pingserv-pro zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 29
Origin country: IT

File Archive Information

This file archive contains 32 file(s), sorted by their relevance:

File name: install.res.1031.dll
File size: 96'272 bytes
SHA256 hash: 90a6571c6dba2b9837b3131f9fb5bba445b11fd3339d5e046aec6f141af7a499
MD5 hash: d6cc78d47d4684b1fc7d50869a5c72f9
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 315
File size: 432 bytes
SHA256 hash: 009d894ca455e243b27f66150d3b73b27e19c16e71e0cb9d0928990a5d189a4e
MD5 hash: 0f5227e3927ee2eda57064d4f6ac5565
MIME type: application/octet-stream
Signature: ConnectWise

File name: IDI_CHKPRODUCT
File size: 20 bytes
SHA256 hash: 70c44df2204ba02cef387313aed59a095724ba4b8e0213b68e41418b1236e140
MD5 hash: e113b50b534c1cf282bd8b50aa427dfe
MIME type: application/octet-stream
Signature: ConnectWise

File name: 301
File size: 420 bytes
SHA256 hash: 702fb7ce3efa097ade916aef2a03c995dd8f2dce7af019b193bb6bf386694991
MD5 hash: bb097ebad20f69d3ba104c9f75171579
MIME type: application/octet-stream
Signature: ConnectWise

File name: 605
File size: 20 bytes
SHA256 hash: 28b8110695851e5280ff55cb78507b03e8b74dd370b8e122179c82b56f7e5f37
MD5 hash: 5df05404b0dab444d7bc0fe0bee0d519
MIME type: application/vnd.lotus-1-2-3
Signature: ConnectWise

File name: install.res.1041.dll
File size: 81'424 bytes
SHA256 hash: 1dc80b56c6a8717c246481b76f1e07d68535f1a40c029d75c4219aa018ac5bc0
MD5 hash: b50eb5c49857fc2ddf9f1f523a3b3a8f
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 604
File size: 548 bytes
SHA256 hash: 62b5545baf29d657b58dc2dce65b4c3979c9f828d8624a4e2c518365bb6d2b15
MD5 hash: 01c96b28fe7b4cb6abfddd60315d904b
MIME type: application/octet-stream
Signature: ConnectWise

File name: 212
File size: 260 bytes
SHA256 hash: 17d68b1dcdcd8880352db9e339ad4210fedb4296ce1857762bb29a97af782683
MD5 hash: a76c4bb50ca448d55934156865911e43
MIME type: application/octet-stream
Signature: ConnectWise

File name: 11
File size: 308 bytes
SHA256 hash: dc72b2c4e8fe887c26fb57c00eb21139f7799e297bdf74b2b4db3474fee90509
MD5 hash: 5eda44171a239586bd6adce2d8692994
MIME type: application/octet-stream
Signature: ConnectWise

File name: install.res.1042.dll
File size: 79'888 bytes
SHA256 hash: 5ee149d88b40e62ca51c4372304b86d131a740da0fd8f6cb826fa69b7a32d88b
MD5 hash: c839f92c4460b8e8ea12bc46dda8d04b
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 603
File size: 290 bytes
SHA256 hash: 7e6119b456b14e44913fdaed8fe1f8ae64cce4312a6d3bb15d4c82a89c582f43
MD5 hash: 7afaebacd9f3060f97e2979f8a642bf3
MIME type: application/octet-stream
Signature: ConnectWise

File name: 305
File size: 34 bytes
SHA256 hash: b9526937ca2715e9b12796a65392e1913bb5c77f5e2420c78e31baf7dadac873
MD5 hash: 8655b844bfee663f0d289f7e08cc609e
MIME type: application/octet-stream
Signature: ConnectWise

File name: 298
File size: 584 bytes
SHA256 hash: 67109cccbda61bb569b4a95c8c4bb318a411d7ff9e61dd8b74a684eb675fa4db
MD5 hash: fde7f2cbe0aa014dc50aa4a0bd0bc04f
MIME type: application/octet-stream
Signature: ConnectWise

File name: tmodloader (1).zip
File size: 11'768'448 bytes
SHA256 hash: f4dc910916a91babe0cae53900596e09b466a6f96daea9d5d4b3b69aa54da70e
MD5 hash: 4a81c19f373b1ec3d107c6a9ddea5695
MIME type: application/zip
Signature: ConnectWise

File name: install.res.1036.dll
File size: 96'784 bytes
SHA256 hash: c8460ed80fa245ab450ef0f9eb4138484d6d182879c518c5077655dae621320f
MD5 hash: 7f1cd80a5ed9eb06ed532f904748c77e
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 297
File size: 288 bytes
SHA256 hash: 084f6459d67c0dace6843a08998778177bbd9b3104145740329b2966b10264fb
MD5 hash: 29081c86e3bb53d2d9dcb30984b26187
MIME type: application/octet-stream
Signature: ConnectWise

File name: install.res.2052.dll
File size: 562'688 bytes
SHA256 hash: 3377e31d233ff41aea253e6221815820997763acdf40b005f8791400366cb8ff
MD5 hash: 33c9213ff5849ef7346799cae4d8ac80
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 299
File size: 578 bytes
SHA256 hash: 3e6d2370ed79b0954b74b67bd9a2621c3d4b6fe31d164cc08bb73741c49a8ae5
MD5 hash: 8ca353a178f596b8e1ee9fa5c1b70d80
MIME type: application/octet-stream
Signature: ConnectWise

File name: install.res.1033.dll
File size: 91'152 bytes
SHA256 hash: 2893b1b9751f833d4a3ded7c1fba1a96cada2927a2349c5d751365eed647c100
MD5 hash: 8e97ea8a1ed69806232e8743f9a28706
MIME type: application/x-dosexec
Signature: ConnectWise

File name: install.ini
File size: 806 bytes
SHA256 hash: 3251b20fafb32cc09ea330457efdc382df95e80ab78631633d5fa37a28f32701
MD5 hash: 1ddde66a3bbd96a105a57dc962ae1325
MIME type: application/x-wine-extension-ini
Signature: ConnectWise

File name: 300
File size: 490 bytes
SHA256 hash: 0a65b67c347b3b5b722ca2b5f6c31d05d4d994ea8611ab7f4e67626fa76cf5c3
MD5 hash: f4b07728aa00e822e1946b8883e9bb1d
MIME type: application/octet-stream
Signature: ConnectWise

File name: 308
File size: 34 bytes
SHA256 hash: 06235b3cc2ed108d294896209f8f52277dbae7d499b88a9d10d9880adceb5413
MD5 hash: 4562c94622e40849eec18f065c45c540
MIME type: application/octet-stream
Signature: ConnectWise

File name: 221
File size: 20 bytes
SHA256 hash: a0c9d012e2bf6b2fe05c2d97cb5594d97cf2f539e97935c12abd7a3562f4d9bf
MD5 hash: 42cf62b780813706e75fb9f2b2e8c258
MIME type: application/octet-stream
Signature: ConnectWise

File name: install.res.3082.dll
File size: 96'272 bytes
SHA256 hash: 0760c6fbca07e8e4a342ae8b7ed9a05408a449ebb6fa52a232c9451c742da547
MD5 hash: 3634855e4fa1a6577aa9be016429e127
MIME type: application/x-dosexec
Signature: ConnectWise

File name: tmodloader.exe
File size: 855'552 bytes
SHA256 hash: 8d08136a1964c72b6b450b11d9bf2b3d3d289c26dfadfc9f021114eac2cea1ca
MD5 hash: 87603ea025623b19954e460add532048
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 307
File size: 34 bytes
SHA256 hash: cd07dc2185fca682e34141b058a2b4794bfde621a0e355e6e7080686a8c78750
MD5 hash: 30d3c08a7e102b3c76c369e7d689187e
MIME type: application/octet-stream
Signature: ConnectWise

File name: 616
File size: 192 bytes
SHA256 hash: 1a35182cddaed03e0ab466ba2184c33071b269b334ad19de692804c1d3a4f5b5
MD5 hash: 6f368c649bc7c86871de03bb741e517c
MIME type: application/octet-stream
Signature: ConnectWise

File name: 258
File size: 400 bytes
SHA256 hash: 262d5cb129069e727e4d144d8c2e5f29a4c3c03dd6bbaeeac8b5d25e0360f7a7
MD5 hash: 2f6a477f1194ddba4b3f78ba0b4cfbfa
MIME type: application/octet-stream
Signature: ConnectWise

File name: install.res.1028.dll
File size: 76'304 bytes
SHA256 hash: ff07a4fe9e68745f31fe1b2f66c003ebbd1a9610b1ebe6454e2a04226c6d4872
MD5 hash: c935cf3f3e0705d37be4f97d6a83f87e
MIME type: application/x-dosexec
Signature: ConnectWise

File name: 302
File size: 432 bytes
SHA256 hash: d5acd9dc044f715b0159a55a34c6e30cb9941a2d8caa6b7615bead3b5df51ccf
MD5 hash: 26b99da242532acb228f7ba668443b2a
MIME type: application/octet-stream
Signature: ConnectWise

File name: 306
File size: 34 bytes
SHA256 hash: 7b7cc020e1888740524df4831d80184a709a3cf52ed76335cb247253157f6e60
MD5 hash: f6bfdcc9b84f40cd4f2f4986395461da
MIME type: application/octet-stream
Signature: ConnectWise

File name: install.res.1040.dll
File size: 11'251'712 bytes
SHA256 hash: ab258b4e6868de773c9d532d7410a53a3a81861163ac0238100d1bdd8f2b0ed1
MD5 hash: 1d4aab5d6b71edf69562583a3b982e6b
MIME type: application/x-msi
Signature: ConnectWise
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict: Malicious
File Type: zip
First seen: 2025-12-28T07:16:00Z UTC
Last seen: 2025-12-28T07:51:00Z UTC
Hits: ~10
Detections:
HEUR:Trojan.OLE2.Alien.gen
Trojan.Win64.Agentb.lfwr
not-a-virus:HEUR:RemoteAdmin.Win32.ConnectWise.gen
not-a-virus:HEUR:RemoteAdmin.MSIL.ConnectWise.gen

Threat name: Win32.Infostealer.ScamSConnect
Status: Malicious
First seen: 2025-12-28 13:32:32 UTC
File Type: Binary (Archive)
Extracted files: 1085
AV detection: 8 of 36 (22.22%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: abused_screenconnect_config
Author: Ariel Davidpur (arield9)
Description: Detect ScreenConnect EXEs with suspicious host in ?h= parameter

Rule name: DebuggerCheck__API
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: INDICATOR_RMM_ConnectWise_ScreenConnect
Author: ditekSHen
Description: Detects ConnectWise Control (formerly ScreenConnect). Review RMM Inventory

Rule name: NET
Author: malware-lu

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: win_evilconwi_w0
Author: Karsten Hahn @ G DATA CyberDefense
Description: Settings from app.config that hide the connection of the client. These settings are potentially unwanted

File information

The table below shows additional information about this malware sample such as delivery method and external references.