MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 41ac3626d127dbbcec3b9a7893c4e30ad7dae9cf2fea69d2c1c037b46065578f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 3 File information Comments

SHA256 hash:	41ac3626d127dbbcec3b9a7893c4e30ad7dae9cf2fea69d2c1c037b46065578f
SHA3-384 hash:	7903a3449318a192127ff9a43af5e2c6dddf89759cdbaf9d5efd51837fc9c077aa56e9dfeaded19f32184674f6174cf2
SHA1 hash:	51c3fdf8683d9c88648cc856146baca0ba87d7eb
MD5 hash:	119a19f263c4e80a586b89fa1a786bc3
humanhash:	juliet-minnesota-golf-hotel
File name:	Social Security Statement.zip
Download:	download sample
File size:	11'020'542 bytes
First seen:	2026-03-19 20:19:34 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:UmvFmvUmvLmvymv5mv4mvPmvmmvtmvHmvQmvxmvqmvDmvsmv9mv2mvfmvImvYmvh:UmtmcmzmamhmAm3m+mFmvmYmZmSmrm0G
TLSH	T1AFB6238AE02211F4DBBD9F3C5D61E1F5A72BD880EC9122F7667B0675CAACD374A91007
Magika	zip
Reporter	smica83
Tags:	UKR zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/9434003a-2c34-425d-8724-6e994dc495e7/

Detection(s):

Win.Trojan.Suspect-34

Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69bc5a8a93b644ca466bc925

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/41ac3626d127dbbcec3b9a7893c4e30ad7dae9cf2fea69d2c1c037b46065578f

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/41ac3626d127dbbcec3b9a7893c4e30ad7dae9cf2fea69d2c1c037b46065578f

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Base64 Encoded URL

Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict:

Malicious

File Type:

zip

Link:

https://opentip.kaspersky.com/41ac3626d127dbbcec3b9a7893c4e30ad7dae9cf2fea69d2c1c037b46065578f/results?tab=lookup

Score:

98%

Verdict:

Malware

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	FreddyBearDropper Create hunting rule
Author:	Dwarozh Hoshiar
Description:	Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.

Rule name:	Script_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies scripting artefacts in shortcut (LNK) files.

Rule name:	VECT_Ransomware Create hunting rule
Author:	Mustafa Bakhit
Description:	Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample