MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd
SHA3-384 hash: 7ef598a6362569e6d983f9b36ca46c00fff915e380e5c063503db0338bf36777d972b626b52e9cb8f90975de51766460
SHA1 hash: 26b1ffc3b71796593060d7418692c30d0f21d773
MD5 hash: 620f2d3525d119276acef8b8deba4422
humanhash: eight-summer-hydrogen-uncle
File name:614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd.zip
Download: download sample
File size:16'996'208 bytes
First seen:2026-01-16 18:13:03 UTC
Last seen:2026-01-16 19:08:30 UTC
File type: zip
MIME type:application/zip
ssdeep 393216:LLyPWyYeXoni/0mp7A7SHFSutZpTIdB+ny3v6Q2:XOtoniVzsCpM+y3vY
TLSH T1AA07338EE57505E5D6C25F8CF121EE29838D3EB66EC2D6D9D2707130CDE0096CAB86C9
Magika zip
Reporter johnk3r
Tags:007consultoriafinanceira-net banker docsmoonstudioclayworks-site Ghost zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
133
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:installer2.msi
File size:17'068'032 bytes
SHA256 hash: 2cbafc607c5d38a891ab89799f98b6b754b519706eb6597e4c4f2d4f6fc5db21
MD5 hash: bc7b9acee0db48efa0a9bc795fa4ec5c
MIME type:application/x-msi
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/c57112ef-a1af-44c9-8089-6316ee748254/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=696a7fd5ef906a21abcdcd61
Tags:
shellcode backdoor dropper
Result
Verdict:
Clean
File Type:
MSI File
Link:
https://app.docguard.net/614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd/results/dashboard
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug fingerprint installer installer keylogger obfuscated
Link:
https://www.filescan.io/uploads/696a7fccfdafd7624aaf3a66/reports/60d47aad-7f8e-4a6a-8778-407a79cef7c4/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mff2dlftgs7sjjuq5qvxlplutovakck46l5pq2ut2soonh5nk66q._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.05
Link:
https://yomi.yoroi.company/submissions/614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Visual Basic Script (vbs) vbs 9ca066cbd40b0c99d1059467d61501e95900ce3fb0ce197736048dc5d05606d4

zip 614ba1acb334bf24a690ec2b75bd749baa05095cf2faf86a93d49ce69fad57bd

(this sample)

Microsoft Software Installer (MSI) msi 2cbafc607c5d38a891ab89799f98b6b754b519706eb6597e4c4f2d4f6fc5db21

  
Dropped by
SHA256 9ca066cbd40b0c99d1059467d61501e95900ce3fb0ce197736048dc5d05606d4
  
Dropped by
MD5 38ca9a71dacbecad96ea643bd48338b7
  
URLhaus
https://urlhaus.abuse.ch/url/3759148/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 2cbafc607c5d38a891ab89799f98b6b754b519706eb6597e4c4f2d4f6fc5db21
  
Dropping
MD5 bc7b9acee0db48efa0a9bc795fa4ec5c

Comments