MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10a1a22c67abc0afccf373e05d11a29a613b287347d55e07597016ce0905420d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 10a1a22c67abc0afccf373e05d11a29a613b287347d55e07597016ce0905420d
SHA3-384 hash: e4d93f956383511477207ae805602d5b0eb7bab37cc39022109e0ff03f82ba7e78eeba63b001e84a881b96c60d5d5664
SHA1 hash: 48f914db989f60c8963dc95e02f709792f302f61
MD5 hash: 7e735d6ef01c3d2c879db7955d819ff1
humanhash: nineteen-table-skylark-potato
File name: 7e735d6ef01c3d2c879db7955d819ff1.zip
File size: 100'976 bytes
First seen: 2026-02-14 16:33:21 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 3072:ahCl5bCTk2cefvMFVshcawbWVk2/de2kCFHUqjYQT:qy7LefvMFVs6fR2/U+UqJT
TLSH T188A31367E7E405B2E4C5E618793E77C385C86433CA3DBAC886D58468D274BBF4682335
Magika zip
Reporter smica83
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 122
Origin country: HU
File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: 암호.txt.lnk
File size: 2'475 bytes
SHA256 hash: 46772972037abd7eba98599a759a8560d503d035b48ab3560bda2044e052ea91
MD5 hash: 8506cedb51cd59e549c41ccada365ede
MIME type: application/octet-stream

File name: 성범죄자 신상정보 고지.pdf
File size: 101'405 bytes
SHA256 hash: c24353e61826eb7187d1acabbd857ddb694ddfe130eb1f5195aadd39701565ca
MD5 hash: 172dc997ca6022ec8dff0842e4c7b887
MIME type: application/pdf

Vendor Threat Intelligence
Verdict: Malicious
Score: 90.9%
Tags: shell virus miner

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: encrypted

Result
Verdict: MALICIOUS
Details
Document With Few Pages: Document contains between one and three pages of content. Most malicious documents are sparse in page count.
Document With No Content: Document contains little or no semantic information.
Base64 Encoded URL: Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict: Malware
YARA: 3 match(es)
Tags: Batch Command Execution: CMD in LNK Execution: PowerShell in LNK LNK LOLBin LOLBin:powershell.exe Malicious PowerShell PowerShell Call T1059.001 T1059.003 T1202: Indirect Command Execution T1204.002 Zip Archive

Threat name: Shortcut.Trojan.Etset
Status: Malicious
First seen: 2026-02-13 13:26:08 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 10 of 23 (43.48%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Detect_Remcos_RAT
Author: daniyyell
Description: Detects Remcos RAT payloads and commands

Rule name: Execution_in_LNK
Author: @bartblaze
Description: Identifies execution artefacts in shortcut (LNK) files.

Rule name: LNK_sospechosos
Author: Germán Fernández
Description: Detects suspicious .lnk files

Rule name: SUSP_LNK_CMD
Author: SECUINFRA Falcon Team
Description: Detects the reference to cmd.exe inside an lnk file, which is suspicious

Rule name: SUSP_LNK_PowerShell
Author: SECUINFRA Falcon Team
Description: Detects the reference to powershell inside an lnk file, which is suspicious

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments