MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1
SHA3-384 hash:	2aab880280dda2a5cec3a60a9170a8287b56caa3c4aaca4134030f76c6f158d4bd75fb60fe8d0c0475643380fc905336
SHA1 hash:	1e94ae555d333b48e7aa20657d1855a48853dbdb
MD5 hash:	69f4005b796eb39d90fd5d65f3f2b1fd
humanhash:	seven-north-oven-nine
File name:	naftkhodm.zip
Download:	download sample
File size:	8'976'110 bytes
First seen:	2025-11-27 09:07:53 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:a9ZJUC+zjzSVE2Hvv+rh6jM+X6wte6OUtIF1ffhz8ibkOv0xmBs:a9ZJUC+zjzSNHvv+rUq8vOPFJhrrv0g+
TLSH	T179963330FB551455DD0F687C288A1581110FB295BA24A8AE3C10B6B16B2F6F97BF0F6F
Magika	zip
Reporter	juroots
Tags:	zip

Intelligence

File Origin

# of uploads :

1

# of downloads :

30

Origin country :

IL

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Vulnerability-found-CVE-2020-11022-in-jQuery.UNOFFICIAL

SecuriteInfo.com.PUA.Telegrambot-7.UNOFFICIAL

SecuriteInfo.com.PUA.Telegrambot-21.UNOFFICIAL

SecuriteInfo.com.PUA.Telegrambot-10.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=692815526657e3433281720e

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1

Result

Verdict:

UNKNOWN

Link:

https://labs.inquest.net/dfi/sha256/79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1

Verdict:

Malicious

File Type:

zip

First seen:

2025-11-27T08:23:00Z UTC

Last seen:

2025-11-27T08:32:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

ARCHIVE

Link:

https://malprob.io/report/79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1

Verdict:

inconclusive

YARA:

3 match(es)

Tags:

Zip Archive

Link:

https://app.malva.re/file/69f4005b796eb39d90fd5d65f3f2b1fd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1/

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pfeftcnohfk6cdt7zxe552zt5wxaszqgpypuosg45i5jqzj6qxiq._file

Result

Malware family:

n/a

Score:

6/10

Tags:

adware android discovery execution spyware

Link:

https://tria.ge/reports/251127-k4279stpdt/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 79485989ae3955e10e7fcdc9deeb33edae0966067e1f4748dcea3a98653e85d1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3717872/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample