MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5
SHA3-384 hash:	149604af24b7dd545cbbb83f0cba5464bbe3ccb740d3339956ae99ed9a1d8666e7525cc6419b20290bbc259f0b4db265
SHA1 hash:	e5fad6fd17490dc6e3c22c4a153eb512968d01df
MD5 hash:	4eb04c49fb00e99982ecc5986481d3d1
humanhash:	coffee-sodium-enemy-mike
File name:	o.xml
Download:	download sample
File size:	747 bytes
First seen:	2025-11-20 03:57:19 UTC
Last seen:	Never
File type:
MIME type:	text/plain
ssdeep	12:FH8ioNJAC7ukxGWi2jU30+0K5+A+GEjICk40slk40BA71/PFGZhG+E6:FH8j/wWi2jzyIIpVsSV01/PFw
TLSH	T1A001F7AED1EC9E500AF5C686B2BC824CC491408391F46BD2F34E49336F66ACE7C9320D
Magika	xml
Reporter	abuse_ch
Tags:	xml

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=691eb45f27c5936d7d0dfbd4

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

opendir

Link:

https://www.filescan.io/uploads/691eb4591075e14329d0f42d/reports/3f126813-5936-4351-bf9d-218c12fc9d26/overview

Verdict:

Suspicious

Labled as:

TrojanDownloader/Linux.NetLoader

Link:

https://www.hybrid-analysis.com/sample/0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5

Verdict:

Unknown

File Type:

text

Link:

https://opentip.kaspersky.com/0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5/results?tab=lookup

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5/

Threat name:

Script-JS.Trojan.Heuristic

Status:

Malicious

First seen:

2025-11-20 04:15:03 UTC

File Type:

Text

AV detection:

8 of 24 (33.33%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bqf75gim47re5so3wmb6mg3o7rbr7vieesn45qyq2p2nczf3k3sq._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

0c0bfe990ce7e24ec9dbb303e61b6efc431fd504249bcec310d3f4d164bb56e5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3704793/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3712486/

URLhaus

https://urlhaus.abuse.ch/url/3712504/

URLhaus

https://urlhaus.abuse.ch/url/3712520/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample