MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 26920c407a336a2723194dc0d9d67a1cefd39ace2d85fc709f9c97f4e7794c26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 26920c407a336a2723194dc0d9d67a1cefd39ace2d85fc709f9c97f4e7794c26
SHA3-384 hash: eb2396c9fa3c0c97ec3cf8c5868fb818ae7f839d131b4f178601b682f1b1334ec3f499840297678312869e8f5c010180
SHA1 hash: 3b1501ef8bfa1f1fe073889182397948f91438c9
MD5 hash: b56635a047eaa3f5dd1bb68024fded80
humanhash: yankee-thirteen-four-mountain
File name: uplory.zip
File size: 3'629'258 bytes
First seen: 2025-04-12 03:01:12 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 98304:ApMht/1xN3JU1t6osW21PBT04J+yFYhZowKgKE2dq79E:ApMhttxN3JUb6osDFBTB+yehZowKldq6
TLSH T128F502F5165BB770EE29E43B6B1F046F6A4F40E060BB2662C9E45106738D8336DC76CA
Magika zip
Reporter Merlax_
Tags: mailextractor Mispadu zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 128
Origin country: RO

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name: z_______________________________________________________________________________________________________________________________9996365.xml
File size: 56'188'938 bytes
SHA256 hash: 0c9a33e8a056c200448b98c8a06b5bd27c6a095e252b0fe365f2cfc923297a0c
MD5 hash: e410801bcc45fb46b08d7a0d5946e172
MIME type: application/octet-stream

File name: uplory.vbs
File size: 15'806 bytes
SHA256 hash: 9a1472ef13e39dfad9e08802bfd2b813a78d4b18c8f62804ae97f1f978de550e
MD5 hash: 8238befd85a6e3f1e31cc663fdeb3d3b
MIME type: text/plain

Vendor Threat Intelligence
Verdict: Malicious
Score: 99.1%
Tags: autorun virus miner sage

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive persistence

Threat name: Script-WScript.Trojan.UpperTox
Status: Malicious
First seen: 2025-04-12 03:02:09 UTC
File Type: Binary (Archive)
Extracted files: 2
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour:
Scheduled Task/Job: Scheduled Task
Script User-Agent
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Enumerates physical storage devices
Checks computer location settings
Drops startup file
Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: detect_tiny_vbs
Author: daniyyell
Description: Detects tiny VBS delivery technique

Rule name: NET
Author: malware-lu

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.
