MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 509c3bfbeebf39b4e7acde2d5485b7e435b082602ac419fde8911bd190833fbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown
Vendor detections: 8


SHA256 hash: 509c3bfbeebf39b4e7acde2d5485b7e435b082602ac419fde8911bd190833fbb
SHA3-384 hash: f4f22b715b72937a972a429db73f0ac278b736b3d3b0578e67ce715234d55b1b9da9948965d9d74ce90466d312d64b00
SHA1 hash: f910fe1d84f7bbd0bea5e0a3896f6081dd28133b
MD5 hash: 0e8841c9b213e537b4222fa6e891a1b8
humanhash: spaghetti-edward-july-ceiling
File name: Bank_Details.rar
File size: 23'739 bytes
First seen: 2026-07-03 17:52:19 UTC
Last seen: 2026-07-03 17:54:02 UTC
File type: rar
MIME type: application/x-rar
ssdeep: 384:jErV1S0f5hQp3FlCHZAqyyUr9QC9YN3QtH9nTrBJMvtYOM7nWnyl5NNFJJC:Cwm0p3Fqjyy+9nYNc9XBJ6eP7Wyzk
TLSH: T18BB2E0E8A18A5EB1B2D6A9591B0FDADABC34D1756D3C3090C5F20564FB4EDF0638221F
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1); 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: TomU
Tags: rar

Intelligence


File Origin
# of uploads: 2
# of downloads: 37
Origin country: CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Bank Details.vbe
File size: 47'338 bytes
SHA256 hash: 9a8b123d41ac3e0e012680caeb153adf01d9c3248175fd16df8007093012591d
MD5 hash: 2121fb54d012cf220273a0868fe821c7
MIME type: text/plain

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: xtreme shell sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm downloader fingerprint

Verdict: Malicious
File Type: rar
First seen: 2026-06-16T00:02:00Z UTC
Last seen: 2026-07-03T06:45:00Z UTC
Hits: ~100

Gathering data

Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-06-15 23:26:57 UTC
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: dependsonpythonailib
Author: Tim Brown
Description: Hunts for dependencies on Python AI libraries

Rule name: detect_tiny_vbs
Author: daniyyell
Description: Detects tiny VBS delivery technique

Rule name: telebot_framework
Author: vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
rar 509c3bfbeebf39b4e7acde2d5485b7e435b082602ac419fde8911bd190833fbb (this sample)

Delivery method: Distributed via e-mail attachment
