MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 9 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432
SHA3-384 hash: e25335865f9979a8985869699d94d64a9dfec4bfe1dc132d0f64f37854a9324424cdb80a6c1a8a21e2293c8c6019ed60
SHA1 hash: 8ef6bc6b25211d9dacfd7aa9466679f56636a95f
MD5 hash: 5b81c66caeabbee71943bce0b99b53a1
humanhash: yankee-green-finch-timing
File name:sh
Download: download sample
File size:9'852'034 bytes
First seen:2025-03-15 14:36:31 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 196608:ghxPPvdyf5bhTttIbWyLdq6r7Xt9ldREsddEcqqgW1EGQDKk/MiKJz:grPnW5NTsbHq6r7v7ddEci1T/MiK5
TLSH T1C4A633AED8023F54C337D4AB19CB94103D9B127F5FE29F137526A9C39F8098AB02955B
TrID 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika sevenzip
Reporter aachum
Tags:7z file-pumped


Avatar
iamaachum
https://www.dropbox.com/scl/fi/rvtr4ke59w09m2grvtmxz/sh?rlkey=xeikugx6ksbcsygt98r7veuyq&st=nbdtjlmw&dl=1

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
ES ES
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:AgnotSecurity.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:709'503'199 bytes
SHA256 hash: 134e9b7d07cdc91bf2f6214cce0e82f473863f1b41a9a580d7e25f105fbe73cd
MD5 hash: e00386c520ff376e96effd2a2744defd
De-pumped file size:16'353'792 bytes (Vs. original size of 709'503'199 bytes)
De-pumped SHA256 hash: 4e2dc5439cedf64588bc2b9421f5ac315ad8473edc1568582f83e521a5948ddb
De-pumped MD5 hash: d30bd7075d2ceca7f8e2ac68095b3ac1
MIME type:application/x-dosexec
Vendor Threat Intelligence
Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d5cbdd3962f1a6f471b1dd
Tags:
shellcode
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context bloated embarcadero_delphi explorer fingerprint invalid-signature keylogger large-file lolbin overlay packed signed
Link:
https://www.filescan.io/uploads/67d590a6dab9a7b6c594d53e/reports/0286ae2d-520f-46a8-92ed-382026a27da3/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fqntlqhvvsg6ug64dndjq5nxs2g32hp3if6pmwhifsxsfdiccqza._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:BobSoftMiniDelphiBoBBobSoft
Create hunting rule
Author:malware-lu
Rule name:Borland
Create hunting rule
Author:malware-lu
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:HUNTING_SUSP_TLS_SECTION
Create hunting rule
Author:chaosphere
Description:Detect PE files with .tls section that can be used for anti-debugging
Reference:Practical Malware Analysis - Chapter 16
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:shellcode
Create hunting rule
Author:nex
Description:Matched shellcode byte patterns
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

7z 2c1b35c0f5ac8dea1bdc1b469875b7968dbd1dfb417cf658e82caf228d021432

(this sample)

Executable exe 4e2dc5439cedf64588bc2b9421f5ac315ad8473edc1568582f83e521a5948ddb

  
Dropped by
LummaStealer
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3478476/
  
Dropping
SHA256 4e2dc5439cedf64588bc2b9421f5ac315ad8473edc1568582f83e521a5948ddb
  
Dropping
MD5 d30bd7075d2ceca7f8e2ac68095b3ac1

Comments