MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6844c65ab7fcf78fbecf910152cc13248f041a5b4857430bc5ff87a4ede4fd9f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 6844c65ab7fcf78fbecf910152cc13248f041a5b4857430bc5ff87a4ede4fd9f
SHA3-384 hash: a96deb0ac6043ecb0177d5c78a0651455e896e51909e03e74377d48dce281c707324c61cda7103413476bd8628202527
SHA1 hash: f7d4d3a86abbc559f8435d05f5a33d2157f76293
MD5 hash: fb6f74a7fd59fcbdf56065f81d8f06cc
humanhash: march-fix-nitrogen-king
File name: 1_0048481261.rar
File size: 1'765'779 bytes
First seen: 2026-02-22 14:02:53 UTC
Last seen: Never
File type: rar
MIME type: application/x-rar
ssdeep 49152:ARgv/C1/6g6uSSjyJDjUt3cK5QT6WGbIzgM+CLo4A:ARgv/Cl67et3hQT7GczWCLo4A
TLSH T165853375B50AC8D9D63DEE912E5DF3A80408898F3A91A7208335B58D59F7DFB8CE019C
TrID 58.3% (.RAR) RAR compressed archive (v-4.x) (7000/1)
41.6% (.RAR) RAR compressed archive (gen) (5000/1)
Magika rar
Reporter juroots
Tags: rar

Intelligence


File Origin
# of uploads: 1
# of downloads: 47
Origin country: US
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: adaptive-context anti-debug base64 cscript expand lolbin microsoft_visual_cc obfuscated overlay packed tiger

Verdict: inconclusive
YARA: 2 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout Rar Archive

Threat name: Script-JS.Backdoor.Chopper
Status: Malicious
First seen: 2018-10-30 01:07:53 UTC
File Type: Binary (Archive)
Extracted files: 15
AV detection: 13 of 24 (54.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: discovery execution
Behaviour
Command and Scripting Interpreter: JavaScript
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

rar 6844c65ab7fcf78fbecf910152cc13248f041a5b4857430bc5ff87a4ede4fd9f

(this sample)

  
Delivery method
Distributed via web download
