MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0213b5defcb1b4cdb373a592ecde647a5d50105703fcead1b5fd1108bf2bb8e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 0213b5defcb1b4cdb373a592ecde647a5d50105703fcead1b5fd1108bf2bb8e5
SHA3-384 hash: 64516d946129e1d9237bc4c8862e744c1398be43c99486325fd502f0fc7224acb4865fae03d0b0559b5de5047c5e7816
SHA1 hash: 6850021573532ca462178502c3c6dc4c0f61bbe8
MD5 hash: 6ccd41e54b31ea3a1e5a457830b96d95
humanhash: foxtrot-tennessee-missouri-neptune
File name: ΠΛΗΡΩΜΗ_037BO35N.r00
File size: 1'326'040 bytes
First seen: 2026-04-28 11:55:19 UTC
Last seen: Never
File type: r00
MIME type: application/x-rar
ssdeep: 24576:swfoQxYfRE7zDuAmujKUgTAyuwFMoO70kiUk/lX3mmy3j2dCE/bK2onGtwM94rlP:zBYfREPKBujK17uwFMx0kiUktty3jLgE
TLSH: T1CF55335779EF6C74011EC3D3A2CB842A064B742DA82EA2D71F8786135DE5CD21A5CC7B
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
TrID: 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: TomU
Tags: DLL-Sideloading r00


TomU
0213b5defcb1b4cdb373a592ecde647a5d50105703fcead1b5fd1108bf2bb8e5 ΠΛΗΡΩΜΗ_037BO35N.r00
75875cbf35073ab1722ae080c1c50dae2325e189a87ec1e3e6ffb8e60d34c83e ΠΛΗΡΩΜΗ_037BO35N.exe
2766d689e36eb1cef01f6c468a0d395d28c80e8c385c5ce228ee8157957f2568 base.dll

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: CH

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: ΠΛΗΡΩΜΗ_037BO35N.exe
File size: 132'216 bytes
SHA256 hash: 75875cbf35073ab1722ae080c1c50dae2325e189a87ec1e3e6ffb8e60d34c83e
MD5 hash: 0e17a6290052a9e3d923b9ed9e26ce47
MIME type: application/x-dosexec

File name: base.dll
File size: 3'931'136 bytes
SHA256 hash: 2766d689e36eb1cef01f6c468a0d395d28c80e8c385c5ce228ee8157957f2568
MD5 hash: a85ba8dee9d95237b287f9703d750c17
MIME type: application/x-dosexec

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: adaptive-context anti-debug microsoft_visual_cc

Verdict: Malicious
File Type: rar
First seen: 2026-04-28T09:01:00Z UTC
Last seen: 2026-04-28T09:13:00Z UTC
Hits: ~10
Detections: HEUR:Trojan.Win64.Generic HEUR:Trojan.Win64.Aotnet.gen

Threat name: Win64.Trojan.Kepavll
Status: Malicious
First seen: 2026-04-28 11:55:45 UTC
File Type: Binary (Archive)
Extracted files: 3
AV detection: 15 of 24 (62.50%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

r00 0213b5defcb1b4cdb373a592ecde647a5d50105703fcead1b5fd1108bf2bb8e5

(this sample)

  
Delivery method: Distributed via e-mail attachment
