MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7b5121a41008653cda152a3bf5f0d0c44254fa3cd98af607dbc32f6e65341242. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



KongTuke


Vendor detections: 7



SHA256 hash: 7b5121a41008653cda152a3bf5f0d0c44254fa3cd98af607dbc32f6e65341242
SHA3-384 hash: ec7e41f70648741758c871ab555f9ea375efc8d50dfae0c8e7eb817e70edc5cb3fda7c3d49c8f264854df5fbbae52b34
SHA1 hash: 6a13e1fa76ca966980d477c1c741d3d6b41d3395
MD5 hash: cd91f12cf47767396194394964d2267c
humanhash: video-south-king-hamper
File name: package
Signature: KongTuke
File size: 7'000'898 bytes
First seen: 2026-06-29 19:07:31 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 196608:lTnpm/SDlI16xwycQf+UxYaZyenxL0UE1prbZkARY:Vpm/SDWAiy5NHZyenxjE1lb2ARY
TLSH: T10366334A10206DFBC9FCF5F8A18829A24291EE0F76501411BD7BF47E38467C89B97B9D
Magika: jar
Reporter: monitorsg
Tags: Kongtuke, zip


monitorsg
hXXps://ackeamann[.]xyz/file.js (ClickFucker) --> hXXps://ackeamann[.]xyz/api/v1/session (token) --> hXXps://ackeamann[.]xyz/api/v1/verify (gateway) --> hXXps://ackeamann[.]xyz/api/v1/status (clipboard) --> hXXps://datacrypt5840[.]top/update/package (tar)

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 134
Origin country: US
File Archive Information

This file archive contains 23 file(s), sorted by their relevance:

File name:xul.dll
File size:5'741'568 bytes
SHA256 hash: b2cb64ebab2c6c3189504d8704e094f8e6f23eefd87d3569a86b5f40a176c6dd
MD5 hash: a8c1f02f04d53477d9c3cd052e371660
MIME type:application/x-dosexec
Signature KongTuke
File name:mozglue.manifest
File size:240 bytes
SHA256 hash: 23680bbba9edbbfab98e27f9bd676b031da3b20adfe909ce86c9ecc1b8bb80d1
MD5 hash: 5d5e62ad6d1023592406fe3ea1f0ea75
MIME type:text/xml
Signature KongTuke
File name:vcruntime140_1.dll
File size:47'264 bytes
SHA256 hash: e6bfb3662ab4b1969a73441dbe35c96d51441b6bff8cf1fe7430bd5b246ca605
MD5 hash: 03b43160d21c08de07a79d0a1c5ee81d
MIME type:application/x-dosexec
Signature KongTuke
File name:AccessibleMarshal.dll
File size:233'984 bytes
SHA256 hash: c220dd2c05cabee115f8c9b71ebd63f9b6317a858e0119196ed4dbe43dbc78c6
MD5 hash: 08e4e97e0a5b71c53defaa9b05c9d255
MIME type:application/x-dosexec
Signature KongTuke
File name:gkcodecs.dll
File size:233'472 bytes
SHA256 hash: 39ab2172c515bf149874c753159ea9ebb7efeaebf4913f911006d68b308561b3
MD5 hash: 1199c51bee124daf50f8373e741dea7a
MIME type:application/x-dosexec
Signature KongTuke
File name:mozglue.dll
File size:608'256 bytes
SHA256 hash: 3437aaf76e6a2d86ceff6f8f97b0268d515405416b32ae6708aa67c29aca6200
MD5 hash: 1c5ed027908aa20ef8e0e0ccdc7ac089
MIME type:application/x-dosexec
Signature KongTuke
File name:plugin-container.exe
File size:144'512 bytes
SHA256 hash: 653a27b36c41fbb6ac9e7538b481e95b77ebc7eb4f83eb99b4838c81bff64dfa
MD5 hash: 6935302137f3152317eb6a3b4a74f8c5
MIME type:application/x-dosexec
Signature KongTuke
File name:wmfclearkey.dll
File size:259'072 bytes
SHA256 hash: a59486c657007b3aa40edcfd709ab9e0e9d70a78305489a1d23230846963a54a
MD5 hash: 21416e4bca8fa0f0dd80be93233bd420
MIME type:application/x-dosexec
Signature KongTuke
File name:freebl3.dll
File size:233'472 bytes
SHA256 hash: ad742cec2b2ae8480c40dc350bc9fedbb228fb425721d6804f1a1e85ad030232
MD5 hash: 6e394c62f1f5a7d61fbf01e191d4f80f
MIME type:application/x-dosexec
Signature KongTuke
File name:mozinference.dll
File size:250'368 bytes
SHA256 hash: 6967dc803a9ef476960b6d680813c5387bdac0ddcf74729b0a0751db30b5c3d8
MD5 hash: 7b3f18f178472e9aff0e5fdaa32fca7f
MIME type:application/x-dosexec
Signature KongTuke
File name:vcruntime140.dll
File size:123'472 bytes
SHA256 hash: 184146852727a9db4eea06178716bec3cdbb1015c911f6b0f915b184ad7775b2
MD5 hash: 0d35c5e99871b4f02c490b9fd9dace34
MIME type:application/x-dosexec
Signature KongTuke
File name:nss3.dll
File size:238'592 bytes
SHA256 hash: 9849dcfb7ad7f2cdb7274b141b8a74ce34c8fd20e766a9adffc4a4d518a5098a
MD5 hash: 1c8a8478d75f34add6508c844ea3e967
MIME type:application/x-dosexec
Signature KongTuke
File name:libEGL.dll
File size:1'496'576 bytes
SHA256 hash: c9d3758301521245bf344392697176f0b822ba0fd9514566475f0f0509c58a18
MD5 hash: c6413c9c8501ea0ed35cfe57bd17b2ce
MIME type:application/x-dosexec
Signature KongTuke
File name:libGLESv2.dll
File size:1'672'704 bytes
SHA256 hash: 93c3a838f117784c8e762975234dfa4e2cc2d7139345a3eabc02871fa05b079a
MD5 hash: 0bc075819cec04c18c460199936f4bc1
MIME type:application/x-dosexec
Signature KongTuke
File name:notificationserver.dll
File size:233'984 bytes
SHA256 hash: 4caeeb57f799a061dbe7f961b907a100a26cd2cbd8800dedcc5b506baafb4aa9
MD5 hash: 21a56bfa09a6865da3d54d2e3492c19a
MIME type:application/x-dosexec
Signature KongTuke
File name:plugin-container.exe.local
File size:0 bytes
SHA256 hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
MD5 hash: d41d8cd98f00b204e9800998ecf8427e
MIME type:inode/x-empty
Signature KongTuke
File name:mozavcodec.dll
File size:294'400 bytes
SHA256 hash: a54104335aef01962edcec9b30ab334b4e33143b7684b8b0fa4113958c0d04f9
MD5 hash: c2ad0983c73398b2c4d293b565dee6c3
MIME type:application/x-dosexec
Signature KongTuke
File name:mozavutil.dll
File size:237'056 bytes
SHA256 hash: fcc9f9eb6cf26445f561e4281107373c496afcc5f44667810c3a66efabb71d90
MD5 hash: 77c988c9521a2d8dc6439d928f14d7ba
MIME type:application/x-dosexec
Signature KongTuke
File name:msvcp140.dll
File size:553'552 bytes
SHA256 hash: def46aa6a8f72f27bafac0c43334419486a4d1dcdb6c479a8ef7034b3e1fa4cb
MD5 hash: 4e3fa9bd90ef020c14359639dc19312b
MIME type:application/x-dosexec
Signature KongTuke
File name:firefoxupdate.dll
File size:234'496 bytes
SHA256 hash: f0f2f3d690255ff4fcd40253b49b6a3f1f327728bb8c98b8a040ecbef5118a5e
MD5 hash: 24514b2f51d90a5cf9d3ea4e61d22257
MIME type:application/x-dosexec
Signature KongTuke
File name:mozwer.dll
File size:234'496 bytes
SHA256 hash: 5387247541740e204972c9876b2ee75d4c53c8c22e3577b26ee285e32e5cf70b
MD5 hash: bc057617b3eed1f94f6782669c6018ec
MIME type:application/x-dosexec
Signature KongTuke
File name:lgpllibs.dll
File size:240'128 bytes
SHA256 hash: a5a4fa57fc012fba4530fe7fa9ae1b121907bb9839c3174a19adf8be3914fe41
MD5 hash: f1abac65a31f1a17f4d84e71ece57676
MIME type:application/x-dosexec
Signature KongTuke
File name:softokn3.dll
File size:243'712 bytes
SHA256 hash: 430ecc0cd5577f89b60aa5f0184de04828edb0f1196e6330150d4666d34835f3
MD5 hash: 5f74430d87920065b5cc24c85474b64a
MIME type:application/x-dosexec
Signature KongTuke
Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: malware
Threat name: Win32.Trojan.Qwexlafiba
Status: Malicious
First seen: 2026-06-29 19:08:38 UTC
File Type: Binary (Archive)
Extracted files: 43
AV detection: 5 of 24 (20.83%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: command_and_control
Author: CD_R0M_
Description: This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DebuggerCheck__QueryInfo
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DebuggerHiding__Thread
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: pe_detect_tls_callbacks

Rule name: PE_Digital_Certificate
Author: albertzsigovits

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: SEH__vectored
Reference: https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: Suspicious_Process
Author: Security Research Team
Description: Suspicious process creation

Rule name: Sus_All_Windows_PE_Malware
Author: DiegoAnalytics
Description: Detects Windows PE malware of all types, avoids non-executables like .html

Rule name: TH_AntiVM_MassHunt_Win_Malware_2026_CYFARE
Author: CYFARE
Description: Detects Windows malware employing anti-VM / anti-sandbox evasion techniques across VMware, VirtualBox, Hyper-V, QEMU, Xen, and generic sandbox environments
Reference: https://cyfare.net/

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
