MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


VenomRAT


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776
SHA3-384 hash: 1cfd896831add48cd0cb437179962a1138eea4417942645fccffd2677953c53b5be3a45b006bb6bf55117eae5bb16faf
SHA1 hash: 1891c4e9914bdd5bfe59858d02987f3e1047ce72
MD5 hash: 9706c2ea94eded5170d9271095452350
humanhash: virginia-april-july-timing
File name:Purchase_Order_75957356511.pdf.txz.rar
Download: download sample
Signature VenomRAT
Create hunting rule
File size:167'177 bytes
First seen:2026-05-13 13:07:10 UTC
Last seen:Never
File type: rar
MIME type:application/x-rar
ssdeep 3072:y/S0wiasJz6w1DocBUlFD+vzIBVht2eZKRlaGbowlZ8uCs56W6TCnW:yq03xhE7+0jrGNcwvIW60W
TLSH T1FFF312C6D976CE328E476190373DD878911806B0ACD6852BF7975CA3CBAF78EC810D62
TrID 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter TomU
Tags:rar VenomRAT


Avatar
TomU
VenomRAT C2: 80.66.84.167:4242

48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776 Purchase_Order_75957356511.pdf.txz (rar)
579085581348296ae88419296edc6a8e91acf4463c7994112b5c3f7f3653710e Purchase_Order_75957356511.js

Intelligence

File Origin
# of uploads :
1
# of downloads :
66
Origin country :
CH CH
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/f3e02ff4-5b41-446e-b16b-df97707c5dfe/
Detection(s):
Sanesecurity.Foxhole.JS_Rar_1.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Suspicious-Rar-JS.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a047799af3df31fa889d3bf
Tags:
stration shell spawn
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
crypt encrypted masquerade repaired
Link:
https://www.filescan.io/uploads/6a0477912fcb905ec29468f7/reports/ba4db400-369f-477b-a520-9219acdd252f/overview
Verdict:
Suspicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776
Verdict:
Malicious
File Type:
rar
First seen:
2026-05-13T09:51:00Z UTC
Last seen:
2026-05-14T04:01:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776/results?tab=lookup
Verdict:
inconclusive
YARA:
1 match(es)
Tags:
Rar Archive
Link:
https://app.malva.re/file/9706c2ea94eded5170d9271095452350
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776/
Threat name:
Win32.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2026-05-13 13:07:36 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jc2z6j62ilh6fu5ya2q4ohgi3d6oararegqxzwgbwmf7ly26u53a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.30
Link:
https://yomi.yoroi.company/submissions/48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

VenomRAT

rar 48b59f27da42cfe2d3b806a1c71cc8d8fce0441121a17cd8c1b30bf5e35ea776

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments