MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0f37a11bccb0eede315fb36b35ab6a7d5fa5ca026ccc24ae0e8a87606b828861. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: 0f37a11bccb0eede315fb36b35ab6a7d5fa5ca026ccc24ae0e8a87606b828861
SHA3-384 hash: 59551ec6029c18e391b1cf99f479a09fdae75b63f72c162e16a6b663756e79c0b49615ea915bec410b3e63eb7d129773
SHA1 hash: a0cb729b35e7bcd2c31c6a56fe7480dcc0ac2cb6
MD5 hash: 0d089e8e3842c30010b918bb9d1c4e08
humanhash: solar-enemy-blue-india
File name: Michael Jacobs.zip
File size: 28'157 bytes
First seen: 2025-01-29 22:36:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 768:0FSgiAepMTlENT92kyZeeKPzXaRczvj3f:0u68Duq7L
TLSH: T1DFC2E1F18B00CA0AEA5550B9C463E99DE9B3E90F277177C4F2D503404F9EB95495E32B
Magika: zip
Reporter: k3dg3___
Tags: More_Eggs TA4557 zip

Intelligence


File Origin

# of uploads: 1
# of downloads: 746
Origin country: US
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: Michael - Jacobs .lnk
File size: 6'845 bytes
SHA256 hash: bc9117935721c09d2a73cf7c28e3d2e46835d7a22bbe4e266dda0353aa7ce8ac
MD5 hash: 65bac58c862827fc13b11c3ea4142c95
MIME type: application/octet-stream

File name: 2.jpg
File size: 26'710 bytes
SHA256 hash: c2461ca77b705db41b0dc18deb6b26b4bcf691edfa7857bda7baec3fb1053c12
MD5 hash: e9901fc45647e0411a04ac9137f2f49d
MIME type: image/jpeg
Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: obfuscate xtreme sage

Verdict: Malicious
File Type: LNK File - Malicious
Behaviour: BlacklistAPI detected

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: exploit
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: EXE_in_LNK
Author: @bartblaze
Description: Identifies executable artefacts in shortcut (LNK) files.

Rule name: Long_RelativePath_LNK
Author: @bartblaze
Description: Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

zip 0f37a11bccb0eede315fb36b35ab6a7d5fa5ca026ccc24ae0e8a87606b828861 (this sample)

Delivery method: Distributed via e-mail link

Comments