MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b
SHA3-384 hash: 2a8a7ae39df483ff0d9e77f4897668c13a55c09f220446d92e22c59dc3318e07132ac3c9238c4bf5536ed4fff71406fe
SHA1 hash: 7249e788e7d978c5892b0a09b97cf718fef2041e
MD5 hash: 5a54d8e2aece52217a3b7696de641425
humanhash: william-bacon-moon-december
File name:crypter-main-MALWARE.zip
Download: download sample
File size:7'475 bytes
First seen:2025-05-20 09:37:12 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 192:CxD2RolvOqDyjPnuJA0IxUmfaNgXdmoUuP7fAY:C8ylmjPuu0IxURkdmvMjx
TLSH T104F19EC4CE0699A1CB2816333D7161CDF354FC08B68A579C472C1AA41ECCB15EB21BCC
Magika zip
Reporter simwiping
Tags:encrypted fud github obfuscated py stealer zip


Avatar
simwiping
https://github.com/framp1932/crypter was where i found it

Intelligence

File Origin
# of uploads :
1
# of downloads :
147
Origin country :
DE DE
File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name:Base64_encode.py
File size:4'503 bytes
SHA256 hash: 76b7c41800672f646a3f79f7389bafc2752fc3f194bda63a77e6345ac4659612
MD5 hash: 717c5734e8eeb09cb4275c96fc999d3b
MIME type:text/x-python
File name:README.md
File size:2'897 bytes
SHA256 hash: aeefaf75df100675314b98cb73805c54988a8dceaf8541f7e50697bccc11ce3d
MD5 hash: 319d75dee0247f55d6eeb1cb306d4eca
MIME type:text/html
File name:Crypter.py
File size:4'749 bytes
SHA256 hash: 49d3e213f0a509af9c251f7dc7717333e492e31df868dcf2523a5e4fa2b2fd6e
MD5 hash: fdf2c2330e9aaaa46533c0177442a2eb
MIME type:text/plain
File name:BypassVM.py
File size:6'084 bytes
SHA256 hash: 6b23f3bf6ab8545b13f72ebe526f6b9eebf880ce53cc22d7fe39206e53edd081
MD5 hash: 695cf530fd3fbc411526fea863c8b228
MIME type:text/x-python
File name:AES_encrypt.py
File size:7'993 bytes
SHA256 hash: 576d094de394cff90060cbd6e7d6e656173d8ca6c2af53ded915faa541e7cd5f
MD5 hash: 8882e7e8dde165896dab24010f173be1
MIME type:text/x-python
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Trojan.Python.Psw.23101.7361.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
91.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=682c4d4fc28c67d6664243f8
Tags:
vmdetect spawn shell sage
Result
Verdict:
Unknown
File Type:
ZIP File
Link:
https://app.docguard.net/319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/682c4d4dc609634bd7cb226b/reports/1d84a69e-702c-479b-812d-27f3cf44f951/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b
Score:
82%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b
Threat name:
Script-Python.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-05-20 09:38:22 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
5 of 23 (21.74%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ggnkcfikocysdpl4tpoiv3u4nz6ixaoxr4u3slp3u3ppqyzssgfq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250520-nlewssyl15/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_decoding
Create hunting rule
Author:iam-py-test
Description:Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:vmdetect
Create hunting rule
Author:nex
Description:Possibly employs anti-virtualization techniques

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 319aa1150a70b121bd7c9bdc8aee9c6e7c8b81d78f29b92dfba6def86332918b

(this sample)

  
Delivery method
Distributed via web download

Comments