MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 422586d9bf14a270bc9a0e397ed5effe7bb88f0a1955cf98aecd435f68f42788. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments

SHA256 hash: 422586d9bf14a270bc9a0e397ed5effe7bb88f0a1955cf98aecd435f68f42788
SHA3-384 hash: 05b8c9f170c58d3a310aaeb08a76b0036d49c6e16f4cc697aa326ea7b77a4e39a39df02331655b75e73d56a14b0f1af0
SHA1 hash: 5d0fb2b8e38bb047db2ed2f28ac4ec4a0dfce040
MD5 hash: be33f7802c6472ae56f142495aa19c5e
humanhash: failed-papa-high-four
File name:データレポート.rar
Download: download sample
File size:734'291 bytes
First seen:2026-03-04 11:10:09 UTC
Last seen:2026-05-22 09:02:32 UTC
File type: rar
MIME type:application/x-rar
ssdeep 12288:87C/fpL28VP/e0bK9ar+o/vMMTBYy8WCq0RcpzFlk2bdM3tWrQWjRYn+36cqTMeO:gC/fpL28VzrSuBYy8WHBNb2ojmmNMZO
TLSH T1EFF423A8EDB061A8E595FC27BF2BC1D792681CF2C0141C6F92BFC66D076530B9122DB5
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter juroots
Tags:rar

Intelligence


File Origin
# of uploads :
2
# of downloads :
85
Origin country :
RO RO
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:teamspeak_control.bin
File size:454'704 bytes
SHA256 hash: 35cba0dfaa6987f3ddec6a554727755017d0631207a50f9d89eb28685398ff0a
MD5 hash: 90c4cc13cdc60aea9cf336604a220ac6
MIME type:application/octet-stream
File name:データレポート.exe
File size:599'384 bytes
SHA256 hash: 2d2a251a88632f010fd9671789746908eeccaa5bc5c0a5d25e4649efe4f5b15d
MD5 hash: 315bda377beafb746f1c2f4fba430867
MIME type:application/x-dosexec
File name:teamspeak_control.dll
File size:335'872 bytes
SHA256 hash: a4948b3a039798aca48f937886546122bca1120095d4455e418c1698cab94831
MD5 hash: 883466043206c75a420716e83da0f506
MIME type:application/x-dosexec
Vendor Threat Intelligence
Verdict:
Malicious
Score:
70%
Tags:
malware
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
microsoft_visual_cc
Gathering data
Threat name:
Win64.Trojan.Generic
Status:
Suspicious
First seen:
2026-03-04 08:56:03 UTC
File Type:
Binary (Archive)
Extracted files:
17
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:PE_Digital_Certificate
Author:albertzsigovits
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

rar 422586d9bf14a270bc9a0e397ed5effe7bb88f0a1955cf98aecd435f68f42788

(this sample)

  
Delivery method
Distributed via web download

Comments