MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


KongTuke


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918
SHA3-384 hash: 4bc2f5daee41143f458d0d2d731c5de97c3136f2954b73a8be21b4a87448054eae24a299aa82aa30816b33e359ffff22
SHA1 hash: 345597fe28b75dbad72973881a15a419a5908ad7
MD5 hash: e44096b5c7a430bdd714412a237d6e9b
humanhash: tennessee-pasta-eighteen-maryland
File name:pool
Download: download sample
Signature KongTuke
Create hunting rule
File size:205'653 bytes
First seen:2026-06-01 15:06:22 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 1536:0tsj/AW9Z7T5Pb0e/y+lLFJX3g53rj9v52+P4z15T:0ta/AW9hlPbBLJHgZ/F50vT
TLSH T14614CDD6AF0A0F7513F5C9A752E881918E9188E4FE7E8706F4CFC861584C895F2936CB
Magika powershell
Reporter monitorsg
Tags:Kongtuke ps1


Avatar
monitorsg
hXXps://marqueq[.]lol/file.js (ClickFucker) --> hXXps://marqueq[.]lol/api/v1/session (token) --> hXXps://marqueq[.]lol/api/v1/verify (gateway) --> hXXps://marqueq[.]lol/api/v1/status (clipboard) --> hXXps://gloason[.]com/white/pool (powershell)

Intelligence

File Origin
# of uploads :
1
# of downloads :
83
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a1da15f5a2e3b5e58e503cc
Tags:
phishing xtreme shell agent
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
encrypted obfuscated
Link:
https://www.filescan.io/uploads/6a1da15746e44aecc0c870c8/reports/fbca1883-efb3-4c2d-855e-92cac5ece4c2/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918
Verdict:
Clean
File Type:
ps1
Link:
https://opentip.kaspersky.com/84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918/results?tab=lookup
Score:
88%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-06-01 15:12:40 UTC
File Type:
Text
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qtgmvji7h3nap3mhgr3khoziwxqwqkajilf3rjl7pke6v7eorema._file
Result
Malware family:
mintsloader
Create hunting rule
Score:
  10/10
Tags:
family:mintsloader execution loader suricata
Link:
https://tria.ge/reports/260601-slctnagy8z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Badlisted process makes network request
Family: MintsLoader
Suricata alert: MintsLoader Outbound C2 Communication
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

KongTuke

PowerShell (PS) ps1 84cccaa51f3eda07ed873476a3bb28b5e168280942cbb8a57f7a89eafc8e8918

(this sample)

  
Link
https://infosec.exchange/@monitorsg/116675469634251028
  
Delivery method
Distributed via web download

Comments