MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a9b971c835e2ee5f190d068c602601fdaf718d8bfe085c2032d59a6f25ed082. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: SkyCloak
Vendor detections: 8



SHA256 hash: 2a9b971c835e2ee5f190d068c602601fdaf718d8bfe085c2032d59a6f25ed082
SHA3-384 hash: b891c6c46cec60f3b07e2938d020e468220f2f66342934a63ce3f5ccdd80dc914ab3d0143715cb625807420241e47e46
SHA1 hash: 7b50320a005cf68e5c17d51a8fd8422ceef1611a
MD5 hash: 0b6f7356919b9632c1158681ee0462f3
humanhash: connecticut-illinois-william-dakota
File name: Scan_Media_1757_dsp_Prikaz_na_perepodgotovku.zip
Signature: SkyCloak
File size: 12'524'776 bytes
First seen: 2026-01-12 21:21:53 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:j0kbfrkMDJePO6TnNLe5n38ey4NsSE4l0IbW+eeuXRCbs3fXvDLkWoXEpXcewU+j:jgm65SpqNSJWrRos3fX7UUtcewcnWjfh
TLSH: T179C633C82C71CCD936CAAF261B4A6AF4F76041613FD6614784532B44AB379EDCFDA04A
Magika: zip
Reporter: smica83
Tags: SkyCloak zip

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 136
Origin country: HU

File Archive Information

This file archive contains 20 file(s), sorted by their relevance:

File name: postman.exe
File size: 17'705'984 bytes
SHA256 hash: 06845a04d2329ca39c8378cb83118f6ffd278805f5b229cb65c21c4ca989fd56
MD5 hash: 8c0434571198367df2cd1344f2bdc0cb
MIME type: application/x-dosexec
Signature: SkyCloak

File name: localTaskStep
File size: 394 bytes
SHA256 hash: b12c8f2bf09540c1939ea5a50b578a5c49c9ace660880c9863d130ce0605f4a4
MD5 hash: 4dea4aa82099ed5a96200308f80d113e
MIME type: text/plain
Signature: SkyCloak

File name: jsonSignal
File size: 220 bytes
SHA256 hash: b75d9ee46a3df930a3a49ab6a0ad1791ef232ecc1346fd0bff638996b7d6ae3b
MD5 hash: 115213027ef5ddaa6c859ab0b2d094ba
MIME type: text/plain
Signature: SkyCloak

File name: imageSize
File size: 179'940 bytes
SHA256 hash: 87f6b11d6fce128e318526b1506d96df24c7ffa7b865676748f82fdd22237a68
MD5 hash: 5cc8c6c866d1b50d3094b74758e095ae
MIME type: text/plain
Signature: SkyCloak

File name: localTaskStep.pub
File size: 81 bytes
SHA256 hash: a6cbe4dc544e4e725fa8a0cf8389b3d2f3ade967c0b06b182b88d3cc2ee637b0
MD5 hash: 96d9f7d01b7475c8f5f96dfffaf38821
MIME type: text/plain
Signature: SkyCloak

File name: compressor.exe
File size: 1'343'920 bytes
SHA256 hash: 6f31cf7a11189c683d8455180b4ee6a60781d2e3f3aadf3ecc86f578d480cfa9
MD5 hash: 6615ea2fa3b879d27687a7ce917e93b0
MIME type: application/x-dosexec
Signature: SkyCloak

File name: xmlOutput
File size: 223'681 bytes
SHA256 hash: a6807c3f10e4ba12c260365ded338d0cfbecbc134719dfc57b439c4d931ba42a
MD5 hash: b94610f042badd027785338590cb2fd5
MIME type: text/plain
Signature: SkyCloak

File name: ssh-shellhost.exe
File size: 189'360 bytes
SHA256 hash: feae0baf291ff54a1366f0cd628665d2b1c9fe279ce2544d4f84c7aa46064f3c
MD5 hash: 6eafae19d2db29f70fa24a95cf71a19d
MIME type: application/x-dosexec
Signature: SkyCloak

File name: edge.exe
File size: 384'432 bytes
SHA256 hash: a0eed0e1ef8fc4129f630e6f68c29c357c717df0fe352961e92e7f8c93e5371b
MD5 hash: 37e83a8fc0e4e6ea5dab38b0b20f953b
MIME type: application/x-dosexec
Signature: SkyCloak

File name: defaultSessionDate
File size: 2'974 bytes
SHA256 hash: eeafffbd3b02809692aa7d26f426867c8eb1ddce03685bb055de4977bfda8bef
MD5 hash: 3ffa32dec588c86e0b1b739b7dc5b1a8
MIME type: text/plain
Signature: SkyCloak

File name: activeAdminDuration.xml
File size: 1'427 bytes
SHA256 hash: e9282167b1ab7c1567818e40471d94be3294257804eefa824ee8ecb8fedaff57
MD5 hash: 74405e7554184cc30ae8b9d741d3ce9a
MIME type: text/xml
Signature: SkyCloak

File name: secondaryRowSize
File size: 322 bytes
SHA256 hash: 6c5ccf3832d567e3f9ea52d1f7e33baf496e2b4063d28cb327447e6bbde560d3
MD5 hash: 70d1ba766bdb7d8b35884a3a95f68f07
MIME type: text/plain
Signature: SkyCloak

File name: visualstudiocode.exe
File size: 10'385'920 bytes
SHA256 hash: f78d87ff967bbdebbc43c58c2b5376522d2bbc975c98727c75bf28e2eb23ffd0
MD5 hash: 82710b81e610f074fe97a4f76e7f0843
MIME type: application/x-dosexec
Signature: SkyCloak

File name: libcrypto.dll
File size: 1'885'752 bytes
SHA256 hash: 065d3a16b418dfe5647c56c8a1787ac540b13299bdf35f69e9980525804cb9ab
MD5 hash: bfb07109da9eef8ecb8e4360a56b1641
MIME type: application/x-dosexec
Signature: SkyCloak

File name: pdfGroup
File size: 4'336 bytes
SHA256 hash: 1ba396a8cd9af661e0a5ceb1107c787290cff3ab05b70a9c5154f4e040f716be
MD5 hash: ffefe836255e742abc3dc692d1dda3a4
MIME type: text/plain
Signature: SkyCloak

File name: photoTrigger
File size: 292'925 bytes
SHA256 hash: 04d8f72161dc0bc6f998b585474fd9c32a1d86a8a481a4744d11897635ed5e41
MD5 hash: cfdb290907879560da7a2a852b8bcbc8
MIME type: text/plain
Signature: SkyCloak

File name: currentLogMethod
File size: 83 bytes
SHA256 hash: 6d90cb2ca190fc4ab9df59f9b6e4de3eec80afdf8a615c517625b5cc8e3b6c24
MD5 hash: 0477f8191b07ca232c83fbaf3bb227cf
MIME type: text/plain
Signature: SkyCloak

File name: notificationList.xml
File size: 1'415 bytes
SHA256 hash: 108c832d26b57e88ad3aa1a1f38edf0475ee62dfc79e2aa2cb854d3f03a10ac3
MD5 hash: 6f33d85cfe7cff3d6afb5da7a42bfa49
MIME type: text/xml
Signature: SkyCloak

File name: Scan_Media_1757_dsp_Prikaz_na_perepodgotovku.pdf
File size: 238'237 bytes
SHA256 hash: 36d104a18c1e966b11253eb637a452288cb94ce240ee6fff7c2d14d7ae8086ee
MD5 hash: 41155d85dbaa61801f95aa183facf4e3
MIME type: application/pdf
Signature: SkyCloak

File name: Scan_Media_1757_dsp_Prikaz_na_perepodgotovku.pdf.lnk
File size: 2'439 bytes
SHA256 hash: 42910bf2aa4ac9d62e2b32e6fadc42f11bd7215fee492ecf72cfd6238965d066
MD5 hash: 4d5074d6e0722ceec45a083fa8444164
MIME type: application/octet-stream
Signature: Quakbot
Vendor Threat Intelligence

Verdict: Malicious
Score: 81.4%
Tags: injection obfusc crypt

Verdict: Malicious
File Type: zip
First seen: 2026-01-12T19:18:00Z UTC
Last seen: 2026-01-12T19:35:00Z UTC
Hits: ~10

Threat name: Shortcut.Trojan.Etset
Status: Malicious
First seen: 2025-12-30 14:05:50 UTC
File Type: Binary (Archive)
Extracted files: 52
AV detection: 12 of 24 (50.00%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Archive_in_LNK
Author: @bartblaze
Description: Identifies archive (compressed) files in shortcut (LNK) files.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: Detect_Remcos_RAT
Author: daniyyell
Description: Detects Remcos RAT payloads and commands

Rule name: LNK_sospechosos
Author: Germán Fernández
Description: Detects suspicious .lnk files

Rule name: Long_RelativePath_LNK
Author: @bartblaze
Description: Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.

Rule name: PS_in_LNK
Author: @bartblaze
Description: Identifies PowerShell artefacts in shortcut (LNK) files.

Rule name: SUSP_LNK_PowerShell
Author: SECUINFRA Falcon Team
Description: Detects the reference to powershell inside an lnk file, which is suspicious

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD command that can be abused by a threat actor (can create FP)

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments