MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e
SHA3-384 hash: 1bbb361e3b81a310fa2e9217e907d4f2d08e6ada72e6273fb855f799b9fb6c9741bae940a82288dcf84b82407f08a3eb
SHA1 hash: 67dbc5fa5d939c55b7f87d67e9e55caa802cbee8
MD5 hash: b761bf7fc2194f00d6fe0eeb07d53fbc
humanhash: arkansas-robin-colorado-seventeen
File name:Conference_invitation.zip
Download: download sample
File size:271'512 bytes
First seen:2026-06-09 14:47:48 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 6144:Xl84/L1KN1oZmCCFUPvkRbBEZZtR5odnhgHG3e6WT3UWfbl:VL/L1KNWBjPveEZrRiR0T3vbl
TLSH T18C44239734781172DC09A6FD0C1C64603BEAA330AD16ED9791A08BF2DB7E420F7BD596
Magika zip
Reporter smica83
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
45
Origin country :
HU HU
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name:string.txt
File size:382 bytes
SHA256 hash: e2412916f2a1a0d38727d8556cfe05ecb7d9473c87c1ad434488f95333dc08b9
MD5 hash: 720411db73e091839750c443a3beac4a
MIME type:application/octet-stream
File name:205
File size:258 bytes
SHA256 hash: a938d4aee628bbdef86bdbd93e7bb91728cd2ae9475d412bbc7b1eff260527da
MD5 hash: f1111e9749abef05cc4b2cd8dfaf042d
MIME type:application/octet-stream
File name:Ph-china_Joint_Ministerial_Meeting.Scr
File size:370'368 bytes
SHA256 hash: bc3fa1236cb38b2957d3e4a58022f28d877098a22e3ecf720730bf1039bfb310
MD5 hash: 36003393880dcf3dda810f3e15c09b98
MIME type:application/x-dosexec
File name:AMPV.dll
File size:259'072 bytes
SHA256 hash: 47e51e82229e80a387c3cb100d39d3705e6360bbf9bfa1601dbc484e8d02e653
MD5 hash: 6ee1c8277a88f05fb92e56a2044e47d2
MIME type:application/x-dosexec
File name:129
File size:593 bytes
SHA256 hash: f9cd835cfb754705a20aa83f8093b0e9628cd697904ad51366143300864ffe2f
MD5 hash: 24f2cb0aff2e77dbf168c31d654e6564
MIME type:text/plain
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/501a99d8-97fc-4ee6-ac16-df594b4f48ba/
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a2827c034eaf30d8ce44d50
Tags:
trojandropper dorifel dropper virus
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
adaptive-context anti-debug evasive expired-cert fingerprint installer-heuristic microsoft_visual_cc reconnaissance signed
Link:
https://www.filescan.io/uploads/6a2827bb1f652d686572a832/reports/8b2acb9e-5179-4f66-8489-77d4fca074b2/overview
Verdict:
Suspicious
Labled as:
Trojan.Heur
Link:
https://www.hybrid-analysis.com/sample/2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e
Verdict:
Malicious
File Type:
zip
First seen:
2026-06-09T13:23:00Z UTC
Last seen:
2026-06-09T13:31:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e/results?tab=lookup
Score:
13%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e/
Threat name:
Win32.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2026-05-25 06:07:04 UTC
File Type:
Binary (Archive)
Extracted files:
40
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fru5v6bxwrdkxdveduflve5najyahtcr67s6mmfblh6z5ys47apa._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery persistence
Link:
https://tria.ge/reports/260609-sbyndacw3w/
Behaviour
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2c69daf837b446ab8ea41d0aba93ad027003cc51f7e5e630a159fd9ee25cf81e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Check_OutputDebugStringA_iat
Create hunting rule
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference:https://cyfare.net/
Rule name:VECT_Ransomware
Create hunting rule
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments