MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 063ec3100b9cec2cc2c42988485921182c1b5ae32ce71df84f9ba7415d491fea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



KongTuke


Vendor detections: 7



SHA256 hash: 063ec3100b9cec2cc2c42988485921182c1b5ae32ce71df84f9ba7415d491fea
SHA3-384 hash: 24ea1fa4755fcbe4da2881a6aac1aff67dd435a68b07e35c8c3c58c9c2ed73300ef8db18938dce228a9de4a36e3b31b9
SHA1 hash: e0a804559e932da765d5029e07fbaba68e3643aa
MD5 hash: 4469566bd670fd05f111ee9aa1b58727
humanhash: romeo-mobile-nuts-stairway
File name: package
Signature: KongTuke
File size: 7'000'969 bytes
First seen: 2026-06-29 17:10:46 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:DTnY2/qlLSDlI19xwy3FZ/CSpHUx3lBkCk0y9rOhua10gtHa:HNGSDWLiy1ZRpI37khkhuaugA
TLSH: T19E66335451753EAEE81C98B5BAA42B63E201FD1D3DD16410582FE0E2FB926C9BFC035B
Magika: zip
Reporter: monitorsg
Tags: Kongtuke zip


monitorsg
hXXps://ackeamann[.]xyz/file.js (ClickFucker) --> hXXps://ackeamann[.]xyz/api/v1/session (token) --> hXXps://ackeamann[.]xyz/api/v1/verify (gateway) --> hXXps://ackeamann[.]xyz/api/v1/status (clipboard) --> hXXps://synccert7665[.]com/update/package (tar)

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 174
Origin country: US
File Archive Information

This file archive contains 23 file(s), sorted by their relevance:

Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: malware

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-06-29 17:11:29 UTC
File Type: Binary (Archive)
Extracted files: 43
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerHiding__Thread
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Author: CYFARE
Description: Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference: https://cyfare.net/

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample: zip 063ec3100b9cec2cc2c42988485921182c1b5ae32ce71df84f9ba7415d491fea (this sample)
Signature: KongTuke
Delivery method: Distributed via web download
