MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 763f2e107d5b694afc422f472b04ffdf20e695e54203e27deca16836909ca121. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 763f2e107d5b694afc422f472b04ffdf20e695e54203e27deca16836909ca121
SHA3-384 hash: 31cd278b51daf44210cfb3f7ef8550e30c7544c9c5a54c9b216f8e4dc2b3670b9b8cfde1aaaa0ccc9e1edc31351ae657
SHA1 hash: d73f5fa94c75b7d93c5cd8d466e2c0ffe4995692
MD5 hash: 09ad352b5016f587d5a0cc02ea210eb5
humanhash: king-tango-item-november
File name: london-bbn.pdf.zip
File size: 9'551'525 bytes
First seen: 2026-03-17 20:30:42 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 196608:HcvIPVmzOcLqnDXBLmWUYQrpyhGpDHC0dzBGSc9go5+uWL63x+mb2ZYYLiPZ8Kq:8vhOnn7FUNyhGprLz0K9L63Mmb21Oh8t
TLSH T17DA633E0F584AFC2E131C53153F880A9EADD186560E3DCA6BC131F5D6492AF3B7AE449
Magika zip
Reporter aachum
Tags: dropped-by-Stealc flame-guard-cc zip


iamaachum
assets.fxd-hz-tk-loop.in.net/python_d.pdb

C2: https://flame-guard.cc/

Intelligence


File Origin
# of uploads: 1
# of downloads: 138
Origin country: ES
File Archive Information

This file archive contains 19 file(s), sorted by their relevance:

File name:vcruntime140_1.dll
File size:49'776 bytes
SHA256 hash: 6a99bc0128e0c7d6cbbf615fcc26909565e17d4ca3451b97f8987f9c6acbc6c8
MD5 hash: c0c0b4c611561f94798b62eb43097722
MIME type:application/x-dosexec
File name:_asyncio.pyd
File size:78'680 bytes
SHA256 hash: 0f42466dc4974071a14a6e79257fcd5b3b09b6f826f2ed3a5f18e7f50c267ea0
MD5 hash: 4a46772e8a5da74f7c7243757c3bf880
MIME type:application/x-dosexec
File name:_ctypes.pyd
File size:143'192 bytes
SHA256 hash: 3d96bd2fcceac4b94aa4c39a2c28117b67fdef2efb85e8c70153a42232a993f3
MD5 hash: 4c2b30ea5dde6369c5e2f757ca4a42c1
MIME type:application/x-dosexec
File name:_queue.pyd
File size:36'696 bytes
SHA256 hash: 8175bc5ba1d0a593972ddfee43df20c43f8a31a5002d7b9a4709ca3eafd7e9d7
MD5 hash: 14c76669397f108de22e12f6b1cde2c8
MIME type:application/x-dosexec
File name:_hashlib.pyd
File size:71'512 bytes
SHA256 hash: 26e11f41bf2197c007ccb57dc98d939dd409c0c3d8de77b31e19943f772ee8f8
MD5 hash: cbaeac105368d515a4d1a6940dfbb1da
MIME type:application/x-dosexec
File name:libffi-8.dll
File size:39'696 bytes
SHA256 hash: eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a
MD5 hash: 0f8e4992ca92baaf54cc0b43aaccce21
MIME type:application/x-dosexec
File name:python3.dll
File size:75'096 bytes
SHA256 hash: 482b1c87a8bdd8770ec81f4b0e236de21b5cf3d45a549dc0b051b09732a99dbe
MD5 hash: f1c0a4a859622f79c0fa559196b3e693
MIME type:application/x-dosexec
File name:_multiprocessing.pyd
File size:38'744 bytes
SHA256 hash: a978a37b0ea079253cc7768d2418510c4c6841a8c3349219d159864ce0d09dd1
MD5 hash: 3187801d7f0b2cbb831b75d763592794
MIME type:application/x-dosexec
File name:vcruntime140.dll
File size:120'400 bytes
SHA256 hash: 052ad6a20d375957e82aa6a3c441ea548d89be0981516ca7eb306e063d5027f4
MD5 hash: 32da96115c9d783a0769312c0482a62d
MIME type:application/x-dosexec
File name:_overlapped.pyd
File size:58'200 bytes
SHA256 hash: 0ad47d7781743749a70d628deb38b2bfece3befb5b5c62ed1efdbe25a9fe4cef
MD5 hash: 53fe605e5b27c4a8d882fa3602ca33a8
MIME type:application/x-dosexec
File name:sqlite3.dll
File size:1'584'984 bytes
SHA256 hash: 87c6b978c344588a467f85b90cc8b08a43f85af0fba63f7e8b2acb020ea32624
MD5 hash: dd46150db2866c834c57ef43c3d73ad2
MIME type:application/x-dosexec
File name:select.pyd
File size:33'624 bytes
SHA256 hash: 65d39f525db6a75c16b2b964db3980b9ba7ec6516fd1fcfd837b11e5c6dec58f
MD5 hash: 05ec06c185b17804418ccc3499dabe60
MIME type:application/x-dosexec
File name:python315.dll
File size:7'210'840 bytes
SHA256 hash: 46d30acdb729ca35aefeac6e5ab5e00cf8c2ec823e922e8aebe82a412e832336
MD5 hash: 1d42f83fa0e0d4b7fa3b1373106e20ad
MIME type:application/x-dosexec
File name:LaunchHelp.exe
File size:104'792 bytes
SHA256 hash: b35f09b876edb18695347860f79acddc68993f711274556156769476cd05ae8a
MD5 hash: e961458d3d879ad7f1f19c99962045a7
MIME type:application/x-dosexec
File name:python.cat
File size:614'070 bytes
SHA256 hash: 8e433df6ab86d23d5b7d60e175f9242e3c780db2371c92f56ecc8e2eaa7ccc9b
MD5 hash: 27f7d8bde8f8b77d180e63d04398357e
MIME type:application/octet-stream
File name:unicodedata.pyd
File size:771'416 bytes
SHA256 hash: ab9887db8cc2bf76a91e7e17bc59b94a6771c6c4e7223142f352006d8131f9d7
MD5 hash: 574e55857a21fe3a4a4afb2edab6ca47
MIME type:application/x-dosexec
File name:python315._pth
File size:80 bytes
SHA256 hash: c7f3432f90e8f04c78ff2cef76cf51e50a13ed922f0bcc63fa34aa4decc5770c
MD5 hash: 226b7a3e899ba566037018eca15b58f4
MIME type:text/x-objective-c
File name:python_d.pdb
File size:400'733 bytes
SHA256 hash: e63affca32f0f38cd4e7099987bc56057482fea83cde115446405c67946613a9
MD5 hash: ebd77b668304eb28b7a91f98110f005c
MIME type:text/plain
File name:python315.zip
File size:4'655'786 bytes
SHA256 hash: 0e029c316b6bc7931064a1b5dd2f18213a0581bf447fffbbf687e6cca573aa21
MD5 hash: d6e54e53978b3d55671595687d974681
MIME type:application/zip
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict: inconclusive
YARA: 3 match(es)
Tags: Executable PDB Path PE (Portable Executable) PE File Layout SVG Zip Archive
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-03-17 09:33:27 UTC
File Type: Binary (Archive)
Extracted files: 709
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_decoding
Author:iam-py-test
Description:Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)
Rule name:CAS_Malware_Hunting
Author:Michael Reinprecht
Description:DEMO CAS YARA Rules for sample2.exe
Rule name:Check_OutputDebugStringA_iat
Rule name:CP_Script_Inject_Detector
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__ConsoleCtrl
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:golang_bin_JCorn_CSC846
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:ldpreload
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:MD5_Constants
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:pe_detect_tls_callbacks
Rule name:PE_Digital_Certificate
Author:albertzsigovits
Rule name:pe_no_import_table
Description:Detect pe file that no import table
Rule name:RIPEMD160_Constants
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:telebot_framework
Author:vietdx.mb
Rule name:VECT_Ransomware
Author:Mustafa Bakhit
Description:Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.
Rule name:vmdetect
Author:nex
Description:Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 763f2e107d5b694afc422f472b04ffdf20e695e54203e27deca16836909ca121 (this sample)

Delivery method: Distributed via web download

Comments



commented on 2026-03-17 20:30:51 UTC

https://www.mediafire.com/file_premium/jl6k092iva8cn9j/london-bbn.pdf/file