MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA 7 File information Comments

SHA256 hash:	60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e
SHA3-384 hash:	d5075945c66ce63094385a58b3cc31199f9adafa04b6da220fa0afbbb5230cfabe431d8c6994020319f5bc939a593cdf
SHA1 hash:	8b13bce2f87b74b2c1ef3dc05f452bb564e7ecae
MD5 hash:	6766634c0dd506f157f80721d5199cc2
humanhash:	cup-spaghetti-finch-pasta
File name:	12052026_0620_Continental Global Synergy No2.lnk.zip
Download:	download sample
File size:	1'260 bytes
First seen:	2026-05-14 08:09:03 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24:9HPrZlcVtYJx9aVV3DvnHvmQWbR6okvtXyZlGq6VupHAhncEA6givJP5H:9HPkvVVrnHvmr8tCrz64p4c8P9
TLSH	T1D12154D894D803F5DF5466BDB19F53AF37408CF166DF5A21F809A46788C3A213A959C0
Magika	zip
Reporter	smica83
Tags:	104-207-135-174 155-138-247-221 zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/452fc421-75fe-4658-91eb-96494bcfa61b/

Detection(s):

Sanesecurity.Foxhole.Lnk_Zip_1.UNOFFICIAL

Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL

TwinWave.EvilLNK.LOLBinOddLookPSHELL.20220711.UNOFFICIAL

TwinWave.EvilLNK.OddLook.202207213.UNOFFICIAL

TwinWave.EvilLNK.ReturnOfTheMac.005056c00008.UNOFFICIAL

TwinWave.EvilLNK.OddLook.20221214.UNOFFICIAL

SecuriteInfo.com.Zip.LNK-1.UNOFFICIAL

YARA.SIGNATURE_BASE_SUSP_ZIP_LNK_Phishattachment_Pattern_Jun22_1.UNOFFICIAL

Verdict:

Malicious

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a058334953bbcef1c9038ee

Tags:

ransomware dropper xtreme

Result

Verdict:

Malicious

File Type:

LNK File - Malicious

Link:

https://app.docguard.net/60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e/results/dashboard

Payload URLs

URL

File name

https://www.dropbox.com/scl/fi/n9tfvdo5z9i6ixmqodi6a/load2.ps1?rlkey=xvqxm4ptcfoeoj6h219dkt2oy&dl=1

LNK File

Behaviour

BlacklistAPI detected

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 exploit powershell powershell

Link:

https://www.filescan.io/uploads/6a0583312fcb905ec2968fb0/reports/9e3365bd-ee01-4baf-a241-f78d653a3706/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e

Details

Base64 Encoded Powershell Directives

Detected one or more base64 encoded Powershell directives.

Hidden Powershell

Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.

Base64 Encoded URL

Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict:

Malicious

File Type:

zip

First seen:

2026-05-12T05:51:00Z UTC

Last seen:

2026-05-16T01:03:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e/results?tab=lookup

Verdict:

Malware

YARA:

3 match(es)

Tags:

Batch Command Execution: CMD in LNK Execution: PowerShell in LNK LNK LOLBin LOLBin:powershell.exe Malicious PowerShell PowerShell Call T1059.001 T1059.003 T1202: Indirect Command Execution T1204.002 Zip Archive

Link:

https://app.malva.re/file/6766634c0dd506f157f80721d5199cc2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e/

Threat name:

Shortcut.Trojan.Ravartar

Status:

Malicious

First seen:

2026-05-14 08:10:05 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

15 of 36 (41.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=md7u3sl72ylyxcr3rtytwvb7jtr5bej4tvgz5flami3oohatn4pa._file

Gathering data

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/60ff4dc97fd6178b8a3b8cf13b543f4ce3d0913c9d4d9e95606236e71c136f1e

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Detect_Remcos_RAT Create hunting rule
Author:	daniyyell
Description:	Detects Remcos RAT payloads and commands

Rule name:	LNK_sospechosos Create hunting rule
Author:	Germán Fernández
Description:	Detecta archivos .lnk sospechosos

Rule name:	PS_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies PowerShell artefacts in shortcut (LNK) files.

Rule name:	SUSP_LNK_PowerShell Create hunting rule
Author:	SECUINFRA Falcon Team
Description:	Detects the reference to powershell inside an lnk file, which is suspicious

Rule name:	SUSP_LNK_SuspiciousCommands Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects LNK file with suspicious content

Rule name:	SUSP_ZIP_LNK_PhishAttachment Create hunting rule
Author:	ignacior
Description:	Detects suspicius tiny ZIP files with malicious lnk files
Reference:	Internal Research

Rule name:	SUSP_ZIP_LNK_PhishAttachment_Pattern_Jun22_1 Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects suspicious tiny ZIP files with phishing attachment characteristics
Reference:	Internal Research

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample