MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655
SHA3-384 hash: 4f76fe55afd03dcfffd92aea0d1bc8a3b759067dd849197d8de4771129bf71df360b2b824b6c32e67ee3db4a311feea2
SHA1 hash: de173c2fcb6e9a330e2ffaa7e03fbf69e14489d7
MD5 hash: 7e951e909e004aab5ea84d8f7cf3bc00
humanhash: alaska-don-oscar-video
File name:SPAM.zip
Download: download sample
File size:3'721'006 bytes
First seen:2026-06-09 08:07:10 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 98304:cFvcsEm8xd5H5Qvb32AJhbs5i1aLT4MYb78VyqN:0KK1XQ5i1RVYVyQ
TLSH T1AF0633AD741D892A5F3B4B5311F2821346B90D88F669D3FF55CBC8386106DE8C2CAED6
Magika zip
Reporter JAMESWT_WT
Tags:dropped ftp-fibrasanchez-com Spam-ITA stego zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
46
Origin country :
IT IT
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:stego (2)
File size:2'628'574 bytes
SHA256 hash: f7f495eb25f8a0593da540b491431080e8aa813d970b6028a2e037ab4d5c6348
MD5 hash: 9d82acd80d385d262519c14c6394e057
MIME type:image/jpeg
File name:stego
File size:2'941'093 bytes
SHA256 hash: 39b1a00bda5838b05fbb680766bc8f71611a0d0ea3d833a8e93a13a65a45a6ea
MD5 hash: 743934660d2b5ae11c5d940ab06931b0
MIME type:image/jpeg
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/74610360-6eca-46ce-bbf6-869f5c147886/
Detection(s):
YARA.SIGNATURE_BASE_SUSP_Reversed_Base64_Encoded_EXE.UNOFFICIAL
Create hunting rule

TwinWave.EvilZip.OnAndOn.20221219.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a27c9cea15110463ee42d07
Tags:
packed virus msil
Result
Verdict:
Unknown
File Type:
ZIP File
Link:
https://app.docguard.net/0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655/results/dashboard
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
obfuscated overlay
Link:
https://www.filescan.io/uploads/6a27c9b5e6f7d2d27d57aea3/reports/2d8bed2c-085c-4666-b45a-9e2560094cd6/overview
Verdict:
Suspicious
Labled as:
Susp.U.EncodedPE.sd
Link:
https://www.hybrid-analysis.com/sample/0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655
Verdict:
Malicious
File Type:
zip
First seen:
2026-06-09T07:11:00Z UTC
Last seen:
2026-06-09T07:49:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655/results?tab=lookup
Score:
54%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=amjn5ypkmtjhdhioj72gydmo6opc4me7ibgxjtquyxfmwq36kzkq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/260609-k2n8maf13z/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0312dee1ea64d2719d0e4ff46c0d8ef39e2e309f404d74ce14c5cacb437e5655

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_Reversed_Base64_Encoded_EXE_RID3291
Create hunting rule
Author:Florian Roth
Description:Detects an base64 encoded executable with reversed characters
Reference:Internal Research
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments