MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41
SHA3-384 hash: 475d97010774f72e3c95c4570cefa05f5d6c594c8267d1a10e5886a9ee1593bce730ae8f0c36305cc03b61cdb06a3819
SHA1 hash: 2d6550d8448d2e06ef51dc10fdabe1cd8cf9e3e9
MD5 hash: 048fd77e9087678e488353242d2cd73d
humanhash: alanine-mexico-april-friend
File name:e654df84fd6dc02ca1b312ff856ef2ca88b42a72bab31ea3168965cb946cf16e.zip
Download: download sample
File size:8'194'678 bytes
First seen:2026-03-01 10:05:29 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 98304:uZWKE3hhdbDOG2gzR6/08YBXs1Wr4j1/k+YcrA9qgdUbE4oymLnt3ymzmriHefQ7:3FZ2gzRrco4j1l7rjY0mzmrsZYvyDFR
TLSH T11B863391E3D60EFC935A065870CACA8988374E6D7819DCACEB36F1074A37D1E8895DDC
Magika zip
Reporter JAMESWT_WT
Tags:Air-Gapped APT37 zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
64
Origin country :
IT IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:e654df84fd6dc02ca1b312ff856ef2ca88b42a72bab31ea3168965cb946cf16e
File size:10'126'078 bytes
SHA256 hash: e654df84fd6dc02ca1b312ff856ef2ca88b42a72bab31ea3168965cb946cf16e
MD5 hash: 098d697f29b94c11b52c51bfe8f9c47d
MIME type:application/octet-stream
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/548c4603-4daf-4a01-80de-7b16451a1bad/
Detection(s):
MiscreantPunch.SingleXOR.EXE.10.UNOFFICIAL
Create hunting rule

MiscreantPunch.SingleXOR.EXE.151.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a40fa7c950ab5d9ab2eb39
Tags:
infosteal emotet
Result
Verdict:
Unknown
File Type:
ZIP File
Link:
https://app.docguard.net/72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
obfuscated
Link:
https://www.filescan.io/uploads/69a40fa19eaae8465940f2f9/reports/4cffeec4-6936-4006-a4ba-016ee3757f19/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41/results?tab=lookup
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Zip Archive
Link:
https://app.malva.re/file/048fd77e9087678e488353242d2cd73d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-01 10:06:29 UTC
File Type:
Binary (Archive)
Extracted files:
7
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ol5zvd5y5qpnjuiabjmwwggmwwptiqbpoo2hc5kwny37vapprjaq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/260301-rtp9aadx6d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/72fb9a8fb8ec1ed4d1000a596b18ccb59f34402f73b47175566e37fa81ef8a41

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:AsCryptv01SToRM1
Create hunting rule
Author:malware-lu
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:meth_peb_parsing
Create hunting rule
Author:Willi Ballenthin
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SUSP_XORed_MSDOS_Stub_Message
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments