MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bcb02b7fd40a5d6819c6e6979a5e9e59643e3ff281b46a10a08962a84f120d5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



WeedHack


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments

SHA256 hash: 4bcb02b7fd40a5d6819c6e6979a5e9e59643e3ff281b46a10a08962a84f120d5
SHA3-384 hash: 1090b04749c374a0461f44ed46835a7c1f50c7237ce202a8efabf8bb4868c4db4d5f234a707b7c735ece04da347a56aa
SHA1 hash: c033145e178e6f6a2172b9d83b873ab971e9d68d
MD5 hash: 092fc14187a80f73be39571474b78b29
humanhash: xray-skylark-butter-emma
File name:ewokkdebug.jar
Download: download sample
Signature WeedHack
File size:528'121 bytes
First seen:2026-06-27 16:26:42 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 6144:caiifwf6XYUxi6qUWE57o3AGpCy63ydEnaYYKiB0FZviqCZhzyiF/J:NYD8iJUlopdBEnabKHfvibheK
TLSH T1F5B4E1EBB9969DCEE50FE43B00818022F964E0DED44DF90F06B6419989A7DD83B15BDC
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika jar
Reporter BastianHein
Tags:jar WeedHack

Intelligence


File Origin
# of uploads :
1
# of downloads :
65
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
ewokkdebug.jar
Verdict:
No threats detected
Analysis date:
2026-06-27 14:24:45 UTC
Tags:
arch-exec

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Threat name:
Win32.Trojan.Qwexlafiba
Status:
Malicious
First seen:
2026-06-27 14:25:49 UTC
File Type:
Binary (Archive)
Extracted files:
252
AV detection:
5 of 23 (21.74%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  8/10
Tags:
adware persistence ransomware spyware
Behaviour
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Enumerates connected drives
Boot or Logon Autostart Execution: Active Setup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments