MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1356bf8be4d91d79450f17862cea9776b4a33d386762255aecd3f7c8b37de663. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 11


Intelligence 11 IOCs YARA 14 File information Comments

SHA256 hash: 1356bf8be4d91d79450f17862cea9776b4a33d386762255aecd3f7c8b37de663
SHA3-384 hash: c739e82ba6e2a195b526ca4b254668444c0c7be7c6e30d1ec30f6c4f5f3c00fbef31176ede5f85b053368fd1eba0a04c
SHA1 hash: 50729ac304fa43e71f4bae5f8a3fc1dace506052
MD5 hash: b17e663f451010662f7b41d58da54e74
humanhash: cola-yankee-item-football
File name:photo_98285721655.zip
Download: download sample
File size:855 bytes
First seen:2026-06-27 05:56:46 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 12:5jhiVZhxjYGhUls8O7SFhe7z44lw//tWxgGvQEMcxahPZgRXeEVf8xyVtJD90IY4:9Uj0s8O7SFOVbgCQ3e/VkmbDeIYNB+n
TLSH T1F311866161210A36D7FE16B125A810FEAFFD4389023962683563AE5222A65A40B43868
Magika zip
Reporter JAMESWT_WT
Tags:booking jenniferloeffler-com Spam-ITA v0hkpadr04mbz5lkearqa-com yigu360-com zip

Intelligence


File Origin
# of uploads :
1
# of downloads :
181
Origin country :
IT IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:photo_98285721655.png.lnk
File size:1'885 bytes
SHA256 hash: 287e00573282382fae497baf9a74bbd7ec79d46084df366e4cbf6001d30afb5d
MD5 hash: dde9134ec4d79e80de7b9533fc0c42ec
MIME type:application/octet-stream
Vendor Threat Intelligence
Verdict:
Malicious
Score:
92.5%
Tags:
infosteal rapid
Result
Verdict:
Malicious
File Type:
LNK File - Malicious
Behaviour
BlacklistAPI detected
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
cmd downloader evasive lolbin masquerade powershell sload
Verdict:
Malicious
File Type:
zip
First seen:
2026-06-26T12:51:00Z UTC
Last seen:
2026-06-29T00:13:00Z UTC
Hits:
~100
Verdict:
Malware
YARA:
3 match(es)
Tags:
Batch Command DeObfuscated Execution: CMD in LNK Execution: PowerShell in LNK LNK LOLBin LOLBin:cmd.exe Malicious PowerShell PowerShell Call T1059.001 T1059.003 T1202: Indirect Command Execution T1204.002 Zip Archive
Threat name:
Win32.Backdoor.AsyncRAT
Status:
Malicious
First seen:
2026-06-26 17:08:24 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution persistence
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Adds Run key to start application
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Execution_in_LNK
Author:@bartblaze
Description:Identifies execution artefacts in shortcut (LNK) files.
Rule name:LNK_sospechosos
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:PS_in_LNK
Author:@bartblaze
Description:Identifies PowerShell artefacts in shortcut (LNK) files.
Rule name:SUSP_LNK_CMD
Author:SECUINFRA Falcon Team
Description:Detects the reference to cmd.exe inside an lnk file, which is suspicious
Rule name:SUSP_LNK_SuspiciousCommands
Author:Florian Roth (Nextron Systems)
Description:Detects LNK file with suspicious content
Rule name:SUSP_ZIP_LNK_PhishAttachment
Author:ignacior
Description:Detects suspicius tiny ZIP files with malicious lnk files
Reference:Internal Research
Rule name:SUSP_ZIP_LNK_PhishAttachment_Pattern_Jun22_1
Author:Florian Roth (Nextron Systems)
Description:Detects suspicious tiny ZIP files with phishing attachment characteristics
Reference:Internal Research
Rule name:Sus_CMD_Powershell_Usage
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments