MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 11b92aefea710bef8e36e2ce24aca1ab8ad22256aad6dea18131d594f6cf93db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 11b92aefea710bef8e36e2ce24aca1ab8ad22256aad6dea18131d594f6cf93db
SHA3-384 hash: d70147055534d23e69680f9e7957370c2582b812c35c21b8a5591cac299864712ef311988fbaaab970f1212d4dad5a9e
SHA1 hash: c6f99ab5a41c52edf1404833805405571b8cd7ff
MD5 hash: cca024a040cce384ed40d54829790847
humanhash: batman-black-dakota-magnesium
File name: 11b92aefea710bef8e36e2ce24aca1ab8ad22256aad6dea18131d594f6cf93db.zip
File size: 274'547 bytes
First seen: 2026-03-31 10:56:18 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:L4fROtc1uwNOJ9Yo+7gp4dbSFaXY2qYKCrX7uvQvxNFUZ7g4:LqRYbMqYo+7k4oFaXY2xNFUt
TLSH: T138442343D546C5DBD0D1B9AC0DF36E85961CA3BB2ED63AD5484CE3061C6132CBC4AABB
Magika: zip
Reporter: JAMESWT_WT
Tags: individually-bangkok-dedicated-static nol-zip zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: IT

File Archive Information

This file archive contains 8 file(s), sorted by their relevance:

File name: pul.bin
File size: 103'170 bytes
SHA256 hash: cbd0013d80b498cbc5990f2e130c902702f1a0ab3a672b7ca9329ec02feaaeb6
MD5 hash: 4a9618a844f7d6756b745f314ff78e41
MIME type: application/octet-stream

File name: xe.bin
File size: 85'250 bytes
SHA256 hash: 50816175f949926aeb2026421878f39688ffb89a85bf0f1fb5d861446cc2606b
MD5 hash: 79cbb36a5cff52d69c3bae96fb9df865
MIME type: application/octet-stream

File name: aa.bin
File size: 94'165 bytes
SHA256 hash: 179eec4dc75314b93f6bead486d93f743ff3344c877920ddf356c13f5b8c5ad2
MD5 hash: 4756c8e73222e354dfaf05d991702556
MIME type: application/octet-stream

File name: c.json
File size: 437 bytes
SHA256 hash: 1ac94223754d5c73804c1e1f35fcb06920e102938860e593666120c3c6354f36
MD5 hash: 841b9900ad36096af012886a7821cc6e
MIME type: application/json

File name: va.py
File size: 19'625 bytes
SHA256 hash: fd9d6fcadd1cd2fdc1564c9a44cff4876a27beb212aef4b5702e5647233ae998
MD5 hash: 10384cde352ec635214b09dfab837b8a
MIME type: text/x-python

File name: x.json
File size: 521 bytes
SHA256 hash: 283c44f2fbbbfb429bcc7c89ac5bc7a7a5dfa292000f4dc34e63549b5088c18f
MD5 hash: b7cfd5dc010361c32c2ea7bac4ad04bc
MIME type: application/json

File name: p.json
File size: 521 bytes
SHA256 hash: 85cb8d6b8657d7f2b1c822d1b91fc2ffb4c32ddb74fedb26e31d6ae088f6d5b5
MD5 hash: b1092398261a5edd9157ff757c011144
MIME type: application/json

File name: so.py
File size: 12'952 bytes
SHA256 hash: 5cab6bf65f7836371d5c27fbfc20fe10c0c4a11784990ed1a3d2585fa5431ba6
MD5 hash: 6272e557fe2c2649e785faf2efe4a092
MIME type: text/x-python

Vendor Threat Intelligence

Verdict: Malicious
Score: 90.9%
Tags: ransomware

Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Base64_decoding
Author: iam-py-test
Description: Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: RANSOMWARE
Author: ToroGuitar

File information


The table below shows additional information about this malware sample such as delivery method and external references.
