MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5e4d891279ef3acb912235aa4e4f937a2f721c26b88bcb56a8b77ba8ccf8e623. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 5e4d891279ef3acb912235aa4e4f937a2f721c26b88bcb56a8b77ba8ccf8e623
SHA3-384 hash: f09f90f53c6e3363be1b4c817182afa6d90068130ed6a676e8dd6e7ce874330b887e56e6640bccb1fd29c16915fa04ad
SHA1 hash: 5a51866a2f133c1ff70b16156fe509b4d4cfe2e4
MD5 hash: 776b18bde195167e876c75985df06836
humanhash: violet-shade-sixteen-eleven
File name: EasyCore.zip
File size: 67'300'330 bytes
First seen: 2026-03-23 15:19:26 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1572864:rmd6g+KdmpziLlZ+dX1DhlN8Pmg3ICIiHawWeab48qqSap4:SOKdwmLlQlVIz3ICIixWe/8qqSQ4
TLSH: T127E733D3B04AABD310F18D3AE179C6E4B25672581B46C9EB06C44F57F1B2371E1AE983
Magika: zip
Reporter: tcains1
Tags: zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 90
Origin country: US

File Archive Information

This file archive contains 30 file(s), sorted by their relevance:

Vendor Threat Intelligence
Verdict: Malicious
File Type: zip
Detections: HEUR:Trojan-Dropper.OLE2.Agent.gen

Threat name: Script-WScript.Malware.Heuristic
Status: Malicious
First seen: 2026-03-21 00:03:26 UTC
File Type: Binary (Archive)
Extracted files: 74
AV detection: 1 of 36 (2.78%)
Threat level: 2/5

Result
Malware family: n/a
Score: 7/10
Tags: persistence privilege_escalation ransomware

Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Enumerates physical storage devices
Event Triggered Execution: Installer Packages
Drops file in Windows directory
Badlisted process makes network request
Enumerates connected drives
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping malware through a base64 encoded PowerShell script.

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD commands that can be abused by a threat actor (can create false positives)

Rule name: telebot_framework
Author: vietdx.mb

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
zip 5e4d891279ef3acb912235aa4e4f937a2f721c26b88bcb56a8b77ba8ccf8e623 (this sample)

Delivery method: Distributed via web download

Comments