MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 49da59c2cdc31e3d4bb5c4e09149842b417402cf542515e89aa7f24d0c4bfbff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 49da59c2cdc31e3d4bb5c4e09149842b417402cf542515e89aa7f24d0c4bfbff
SHA3-384 hash: ef7db74a1206869dbfe1164c79d7845e1f3bf4fd529e4e2962927fd2a39aee25361f6671912b4dad869b18dd2c578c68
SHA1 hash: c8af6ed1cc82636b6dc68a7907a401367f168ffa
MD5 hash: 5e0d088e420fa20c70824a56cfad505b
humanhash: charlie-pasta-lactose-september
File name: awesome-tooling.v3.6.6.zip
File size: 1'405'527 bytes
First seen: 2025-05-15 19:15:51 UTC
Last seen: 2025-05-16 12:18:27 UTC
File type: zip
MIME type: application/zip
ssdeep 24576:pcAMlInOHfCBBd4Kff8SGZcZTTW86nuIGwB0aJqHpljpehst0BTnVskoEUA7ixNU:p8o0f+ddf86ZnWvuQ5JqHpmg0NnVDoEX
TLSH T137553371C78BAAA5F00359290A0449F73FA07E547F0A8FCD7B4B75B4FD16960AB01AC6
Magika: zip
Reporter: burger
Tags: zip

Intelligence


File Origin
# of uploads: 2
# of downloads: 87
Origin country: NL

File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name: 57
File size: 78'848 bytes
SHA256 hash: fd213469fee39d407e9f4c76a55e91c09129eeccf2f2f51d7d3766d8c98f2c6f
MD5 hash: dadcd51dac745c91fc2de0a60a16f69a
MIME type: application/octet-stream

File name: 45
File size: 401'920 bytes
SHA256 hash: 66ad3aa81a07c6ce2c6189d56a2ae91f036d21ef5db21df2aeebd2a1e719f780
MD5 hash: 8dd3c38b9f1f41fad642751e1a031e62
MIME type: application/octet-stream

File name: 4
File size: 512 bytes
SHA256 hash: 3d01b9e48f8d40d473c63508cca3a3e135f70a224fcfbd50f0632074b4b473d7
MD5 hash: 300553f9742d695d93c6de4517fee850
MIME type: application/octet-stream

File name: 81
File size: 1'342'464 bytes
SHA256 hash: 5da81e8dbc9ccf31b052a4ff65677b94af98792d8e2b0f5774e862e139c0eb5b
MD5 hash: ae9be0e42a508bfbda5f1465ebce8e42
MIME type: application/octet-stream

File name: COFF_SYMBOLS
File size: 101'514 bytes
SHA256 hash: 1f3925824d2be30ca31a47c59a92d738993ce84884b4a170201e5bc6ab62947a
MD5 hash: dc2f2c2530f634f5f132c4cd4d91bc71
MIME type: application/octet-stream

File name: 31
File size: 5'120 bytes
SHA256 hash: a74afbced614619970caef04000f94df74ee565cf7ca6839efbc65dfd5933027
MD5 hash: f93f6dffb0d3cde2f4280573d837a36a
MIME type: application/octet-stream

File name: lua.exe
File size: 100'900 bytes
SHA256 hash: 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953
MD5 hash: 00f60ee3ff2dee681b5d7d442009b2c2
MIME type: application/x-dosexec

File name: lua51.dll
File size: 3'531'914 bytes
SHA256 hash: c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac
MD5 hash: 4ebd617a3ad9a9619172bd14a902a400
MIME type: application/x-dosexec

File name: 70
File size: 3'072 bytes
SHA256 hash: 584d0626d62e8302628934d61dd84211adb50764e01e67212d1df2e6cea812cb
MD5 hash: a580b62057be8337b1bf2be3a4832059
MIME type: application/octet-stream

File name: 92
File size: 281'600 bytes
SHA256 hash: afb724056fec9db29acbb3d6934dd10d70815b7c8c9f693451fc3df3860ea1b6
MD5 hash: 27a9885bb58ae9301a79c5e0d1439014
MIME type: application/octet-stream

File name: 19
File size: 817'664 bytes
SHA256 hash: 0935f87a2b59d654ffa1505c941fa61b713c1bfa8f8146f69c9c0f74e8e35a1e
MD5 hash: 6b12add95e4beff1fc1d14c47c5d536a
MIME type: application/octet-stream

File name: Launcher.cmd
File size: 21 bytes
SHA256 hash: 0b2dd257c50ed37c239e248987132ebc75138d09d01b3be5d360953c190ee5d6
MD5 hash: e66816f9880811713867e9af8176d26a
MIME type: text/plain

File name: cli.txt
File size: 330'285 bytes
SHA256 hash: 277a0aa3fb3762438f5bd1f9f35a58979430622bc6234e95a4383667a8402952
MD5 hash: 4d744f3e77a4cb86a676da9c0a28b186
MIME type: text/plain

Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: injection obfusc
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug mingw overlay packed
Threat name: Script-Lua.Trojan.Heuristic
Status: Malicious
First seen: 2025-04-22 15:44:53 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 6 of 24 (25.00%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Capability_Embedded_Lua
Author: Obscurity Labs LLC
Description: Detects embedded Lua engines by looking for multiple Lua API symbols or env-var hooks

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: HUNTING_SUSP_TLS_SECTION
Author: chaosphere
Description: Detect PE files with .tls section that can be used for anti-debugging
Reference: Practical Malware Analysis - Chapter 16

Rule name: pe_detect_tls_callbacks

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 49da59c2cdc31e3d4bb5c4e09149842b417402cf542515e89aa7f24d0c4bfbff

(this sample)
