MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 558e966566e89bd29e32f416db4e32ccb113249b8a76ab1d63f54cc9a05f65c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



KongTuke


Vendor detections: 5



SHA256 hash: 558e966566e89bd29e32f416db4e32ccb113249b8a76ab1d63f54cc9a05f65c7
SHA3-384 hash: 2a5e420aaf69f6acf151e0a0a53b329d2f1c33ec01478292528c2bad37830d1fd5e40fffd56b69b35a66bda38779f9f5
SHA1 hash: 9bfe84aef97896293fd2c37ce3c055ed56cdc4d9
MD5 hash: 433ebe981db602a938fd15e80ff9a71a
humanhash: violet-charlie-grey-foxtrot
File name:d
Signature KongTuke
File size:1'085'440 bytes
First seen:2026-05-26 16:09:25 UTC
Last seen:Never
File type: tar
MIME type:application/x-tar
ssdeep 24576:Wihx1hQVmTTY8DVE/DFChIV6JdwLWmi/PAgagXLzfRFBk/W:Wihx12VmnPVErkhIiF
TLSH T171355C5AEBF64CE9D4E2C0F045B72311EA30399447605AFF566886682B2B7C0B73D778
TrID 62.9% (.TAR/USTAR) TAR - Tape ARchive (POSIX) (17/3)
37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Magika tar
Reporter monitorsg
Tags:Kongtuke tar


monitorsg
hXXps://eegelhardt[.]lol/file.js (ClickFucker) --> hXXps://eegelhardt[.]lol/api/v1/session (token) --> hXXps://eegelhardt[.]lol/api/v1/verify (gateway) --> hXXps://eegelhardt[.]lol/api/v1/status (clipboard) --> hXXps://ryfsowiu[.]icu/d (tar)

Intelligence


File Origin
# of uploads: 1
# of downloads: 11
Origin country: US
File Archive Information

This file archive contains 14 file(s), sorted by their relevance:

File name:CiscoSparkCrypto.dll
File size:42'496 bytes
SHA256 hash: 6737d094b533a54bf52ed23738c68a6582d05055b675a9bea05005dc74e95f63
MD5 hash: 2b34ed79170a9a6c97af9b3bcb263bb5
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkSync.dll
File size:51'200 bytes
SHA256 hash: 019bdc3ee19c55cd4e624f48e1541e071ed51c49f0d48ade645a415cdf5e05a6
MD5 hash: 6b9d0668cc63105a7d6b3e0bc170da55
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkScheduler.dll
File size:18'432 bytes
SHA256 hash: f456209a6e16b5d8bcac123612cd713060e154060c78e772bacb528505b553d7
MD5 hash: 182f3e23bd65b878a514bfb8a4704a33
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkDiagnostics.dll
File size:9'728 bytes
SHA256 hash: 46a93098745d7a56db151a4137a68f39cd212560cfe148abef2ed8d8b7421372
MD5 hash: a13882d8539aff5c5321267b28d9a36c
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoCollabHost.exe
File size:396'000 bytes
SHA256 hash: c70b5fada48ce5e4ade6b111bc1b1d38e177c553798655227bd87f2ff2532fe8
MD5 hash: 60b921c0dd1f37474d49685a6b6bf0bb
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkLauncher.dll
File size:35'328 bytes
SHA256 hash: 25e53d0df7dbe8e054ffcfa59ccffc4dd575ebb063bae7033e2dae5b6923b1aa
MD5 hash: 03c8c15a118b36fbfd6af34cfe99c307
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkCompliance.dll
File size:66'048 bytes
SHA256 hash: 6d89fe443a987fe08f79e26d0a03c8b0ddcfe58959860119e61299034db1cebd
MD5 hash: 66338d9bbd3ef7caab2b31d572e05498
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkCore.dll
File size:77'824 bytes
SHA256 hash: bc12031b14d279ba063e670705c169fa56877cf3e32436e91adec0d7ccad8f5a
MD5 hash: cd8d1a121498d1695e90b713b64ac1cf
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkServices.dll
File size:213'504 bytes
SHA256 hash: 2b72e0a65d5386da24b82f2ce04b701af2ad919a45226d48de3d612bba3d1bf4
MD5 hash: fe73fb043cd684edaadd7f52092dd264
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkMonitor.dll
File size:23'040 bytes
SHA256 hash: 457d0195ceeaa3cc148d0bde6e5127ea5ca81afc0ae80f4af8a6b487b7531f1d
MD5 hash: 43ed7a6f13fb6b0ba1af73eac875e79d
MIME type:application/x-dosexec
Signature KongTuke
File name:wintrust.dll
File size:20'992 bytes
SHA256 hash: cdfae9f1d9702545972c1aee9e349cd3df4e6be8550f5d35ca3c508c6c9a7dc7
MD5 hash: 64d6881580746c1b575b06dd243924fd
MIME type:application/x-dosexec
Signature KongTuke
File name:2
File size:762 bytes
SHA256 hash: 1fcba8090d0bc5e80b9537a0a3c6a611d427a0da082a693af2947f610a83f4d2
MD5 hash: 44da4ad3acba07686b7789f48a8d6c48
MIME type:text/plain
Signature KongTuke
File name:CiscoSparkRuntime.dll
File size:36'864 bytes
SHA256 hash: 0131640ca997c61d9a50ce07ef45077e673468b6420da010960f317154553cee
MD5 hash: 97da8203188e4793c6d0fda85d88c37c
MIME type:application/x-dosexec
Signature KongTuke
File name:CiscoSparkBridge.dll
File size:76'288 bytes
SHA256 hash: 584f13c2cb72a3ac614a4ffe8c8f672546edab831aec966c5080a8ac8b17ebea
MD5 hash: b3fcd385a76b6201338b910f60dbe568
MIME type:application/x-dosexec
Signature KongTuke
Vendor Threat Intelligence
No detections
Result
Malware family: n/a
Score: 8/10
Tags: defense_evasion spyware trojan
Behaviour: Modifies system certificate store
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:meth_stackstrings
Author:Willi Ballenthin

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
