MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be
SHA3-384 hash: 1c8f4557a848ac4e086ee79610eed2cbac19c281f2b963c334cf8db1c191185d6e3e618ef3b8aa090781308e7ecf3d7f
SHA1 hash: 983ab036a06b5cefdae510bf666126f6837fd303
MD5 hash: d0c4ba539057b9937adae3a6004b35cd
humanhash: connecticut-harry-black-vermont
File name:modloader-fabric-mc1.21.4-1.0.4.jar
Download: download sample
File size:26'806'604 bytes
First seen:2026-03-18 09:47:17 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 786432:xj0pgq9hZ5YSkRV67cwmHgxzt0ZEGNRnq6:xf0hsx07cweIyZ9/z
TLSH T16547025A7DD6D229D647A47604A3C053782E91DDE48BD02B29E54C8ACE73C890F13FEE
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika jar
Reporter Neiki
Tags:jar spark SugarSMP

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
modloader-fabric-mc1.21.4-1.0.4.jar
Verdict:
Malicious activity
Analysis date:
2026-03-18 09:49:20 UTC
Tags:
anti-evasion discord websocket stealer evasion aegis generic antivm
Link:
https://app.any.run/tasks/7e4f63de-693e-4f0b-a5aa-dae020a12075

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/57929/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69ba74ca88c80c01586b9482
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/69ba74eb493cb7d62d03fb41/reports/7f9399ea-dbbf-4664-8650-e474d1b35290/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be
Verdict:
Clean
File Type:
jar
Link:
https://opentip.kaspersky.com/4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be
Gathering data
Verdict:
Malicious
Threat:
Family.AEGIS
Link:
https://tip.neiki.dev/file/4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ifjkpebspf3dkpqozjwzt7rnq6agsnl73g3ompeabgoicum6bg7a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/260318-lse42afv5t/
Behaviour
Suspicious use of SetWindowsHookEx
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/4152a790327976353e0eca6d99fe2d878069357fd9b6e63c80099c81519e09be

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/57929/

Comments