MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 85872d267e1125e8bba0c460a8a7416d0845e9794a49a90a0dde8c9401f07a03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 85872d267e1125e8bba0c460a8a7416d0845e9794a49a90a0dde8c9401f07a03
SHA3-384 hash: eeb013525d7c5227fa8148a23fce8d0a96ac47a61d717db10ce4205e39f13494b94a4924ad0e303a06423e0d5a8100c9
SHA1 hash: dc3e519c78c8c09be1b3409204957f6bd18acacc
MD5 hash: c0b55df55e1a8e48dc2e22fa54b05792
humanhash: papa-nineteen-louisiana-fifteen
File name: 85872d267e1125e8bba0c460a8a7416d0845e9794a49a90a0dde8c9401f07a03.jar
File size: 22'534'391 bytes
First seen: 2026-03-17 13:55:29 UTC
Last seen: Never
File type: Java file jar
MIME type: application/zip
ssdeep: 393216:hZBwa8uEEfmZ9ZmWxOldus8mBgLNv6zmgiJuP8Zkw9jHSCR:hZBwagE6YWxOK6gF6i7dZkIjHj
TLSH: T135371273B0DD9936E9B78A3794A10463783E25DDE40BB03A34F84D439DB3C8A97127A5
TrID: 77.1% (.JAR) Java Archive (13500/1/2)
      22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika: jar
Reporter: JAMESWT_WT
Tags: jar SugarSMP

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: IT

Vendor Threat Intelligence
No detections

Malware family: n/a
ID: 1
File name: 85872d267e1125e8bba0c460a8a7416d0845e9794a49a90a0dde8c9401f07a03.jar
Verdict: Malicious activity
Analysis date: 2026-03-17 13:56:49 UTC
Tags: anti-evasion discord stealer aegis evasion
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm base64 bash evasive lolbin macros-on-close wmic

Verdict: Malicious
File Type: jar
Detections: HEUR:Trojan-PSW.Java.Stealer.gen HEUR:Trojan-PSW.Java.Generic

Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion
Behaviour:
Suspicious use of WriteProcessMemory
Views/modifies file attributes
Loads dropped DLL

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.