MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c4d0cc51d3dfd00a01ef7504c993b475b5c081ee21b1f98be9e5404f35716e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



SiriusRAT


Vendor detections: 10



SHA256 hash: 6c4d0cc51d3dfd00a01ef7504c993b475b5c081ee21b1f98be9e5404f35716e8
SHA3-384 hash: 2cb031c5b27a3ad4088b8277468d74dc205d61a5102c5805369e3d3b04869d39821d42b65199d439839e556dff352e17
SHA1 hash: 061822b8dfe34d2b2fe687a61031b42887bfccd7
MD5 hash: e3b0b549ad05e5f0214c646469b18b75
humanhash: double-pizza-kansas-colorado
File name: Bonifico Bancario.zip
Signature: SiriusRAT
File size: 229'256 bytes
First seen: 2026-06-22 15:10:01 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 6144:DmUN0Wp+Sh3+gFxy7EidjrC55L2UaNZvAnAbdGHM0:ik+gFxGprC5FuvAAp0
TLSH: T1122423ADD60A757D508422F0B40187BAD476EFB9A47A00F2CBB1E0EC5EC95DD90E193B
Magika: zip
Reporter: JAMESWT_WT
Tags: 135-136-141-43 alfredcore-com SiriusRAT Spam-ITA zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Bonifico Bancario.js
File size: 1'535'120 bytes
SHA256 hash: 7122d9c3a7cca9754cdab80ea7c79856234a735cf744262bbe28708150153a0a
MD5 hash: 4c218c15755622abf91253982114da54
MIME type: text/plain
Signature: SiriusRAT
Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: stration virus shell
Result
Verdict: Malicious
File Type: JS File - Malicious
Behaviour
BlacklistAPI detected
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: conhost obfuscated powershell repaired
Verdict: Malicious
File Type: zip
First seen: 2026-06-22T11:18:00Z UTC
Last seen: 2026-06-22T11:41:00Z UTC
Hits: ~10
Verdict: inconclusive
YARA: 2 match(es)
Tags: Zip Archive
Result
Malware family: siriusrat
Score: 10/10
Tags: family:siriusrat collection discovery execution persistence privilege_escalation rat
Behaviour
Checks processor information in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
outlook_office_path
outlook_win_path
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
System Network Configuration Discovery: Wi-Fi Discovery
Accesses Microsoft Outlook profiles
Command and Scripting Interpreter: PowerShell
Looks up external IP address via web service
Checks computer location settings
Badlisted process makes network request
Downloads MZ/PE file
Detects SiriusRAT
Family: SiriusRAT
Malware Config
C2 Extraction: 135.136.141.43:4449
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
