MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 707b997b9b93cb164942aac4c044dcc55c7b013e9c0791fe2decea850044bdd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: 707b997b9b93cb164942aac4c044dcc55c7b013e9c0791fe2decea850044bdd9
SHA3-384 hash: b2aeae7d31f1f56aac0bb60568ed7bcfc235d80f51842e82412bf5ce3d9de8765d22d607ede628dd6b6f0234c5c9fcd2
SHA1 hash: cf7caba49156ff31a585c7b81d4f53e5115fceb9
MD5 hash: d5746e26b6913d5aae044c8ec4c52ee1
humanhash: eighteen-wisconsin-vermont-missouri
File name: Booking#032675pdf.zip
File size: 490'478 bytes
First seen: 2026-06-05 19:18:35 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:HpOHzByYEc8QhjZZ0XS2qojC/JBIYizznHDBEM/+97CRlUyqI1:JOHtyY9ZeXnw/gznjBEM/+92z
TLSH: T1F7A42343529D235C6024BAC0DE30E8EA5A53C11D096676EFAF3A4E4B343B5F478EB188
Magika: zip
Reporter: smica83
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 125
Origin country: HU
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: Booking#032675pdf.exe
File size: 593'232 bytes
SHA256 hash: 1894dec3755af52c226632acaa835dfd52c324aee20d792bea3ca0c31573812b
MD5 hash: 27162aa89af20d2996f4881a60085281
MIME type: application/x-dosexec
Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: injection obfusc virus nsis
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: adaptive-context anti-debug fingerprint installer installer installer-heuristic nsis packed reconnaissance signed
Verdict: Malicious
File Type: zip
First seen: 2026-06-04T04:07:00Z UTC
Last seen: 2026-06-04T17:17:00Z UTC
Hits: ~10
Gathering data
Threat name: Win64.Trojan.Sonbokli
Status: Malicious
First seen: 2026-06-04 09:53:23 UTC
File Type: Binary (Archive)
Extracted files: 26
AV detection: 14 of 36 (38.89%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Detect_NSIS_Nullsoft_Installer
Author: Obscurity Labs LLC
Description: Detects NSIS installers by .ndata section + NSIS header string

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
