MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76a69097562d3d356fb8a17bc3fde4584d698bbe213f30243db998672425ed6a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments

SHA256 hash: 76a69097562d3d356fb8a17bc3fde4584d698bbe213f30243db998672425ed6a
SHA3-384 hash: 3bcb1a732915fd3499ecee2093110dd81ba2e527c4c5c80cebfe3e0f3684ec3143122ae4e8bc64efa6aadaf1b72ddd5c
SHA1 hash: 01b030a0d2dcaf143cda4067e08d10325c0f8604
MD5 hash: ab52ac8b9c86ebcfae8a7592f33314c9
humanhash: one-mobile-bulldog-yellow
File name:Quotation.zip
Download: download sample
File size:13'965 bytes
First seen:2026-07-03 17:50:38 UTC
Last seen:2026-07-03 17:51:35 UTC
File type: zip
MIME type:application/zip
ssdeep 384:A888888888888888888888888888888888888888888888888888888888888887:A888888888888888888888888888888b
TLSH T1C4520268642942419B333A633AF95F12EA9408FD2DE1775C36087F23DAD87090A6DD0F
Magika zip
Reporter TomU
Tags:zip

Intelligence


File Origin
# of uploads :
3
# of downloads :
17
Origin country :
CH CH
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:Quotation.vbs
File size:1'972'667 bytes
SHA256 hash: f8a43903e5b50696f3bbb98f0221bfd5ba95c5a6e05ca26400b4fc151a489635
MD5 hash: 0f9de4f1e7a3f08eafb0c5a1c255e261
MIME type:application/octet-stream
Vendor Threat Intelligence
Verdict:
Malicious
Score:
99.9%
Tags:
ransomware autorun shell sage
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
downloader formbook
Verdict:
Malicious
File Type:
zip
First seen:
2026-06-15T06:52:00Z UTC
Last seen:
2026-07-02T13:24:00Z UTC
Hits:
~100
Gathering data
Threat name:
Win32.Trojan.Ravartar
Status:
Malicious
First seen:
2026-06-15 10:30:05 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
13 of 36 (36.11%)
Threat level:
  5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:detect_tiny_vbs
Author:daniyyell
Description:Detects tiny VBS delivery technique

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 76a69097562d3d356fb8a17bc3fde4584d698bbe213f30243db998672425ed6a

(this sample)

  
Delivery method
Distributed via e-mail attachment

Comments