MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 860d8e949f7b486a81bcb7157b8df59cb29e9895ec1e214fef487d649c2aa6a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 860d8e949f7b486a81bcb7157b8df59cb29e9895ec1e214fef487d649c2aa6a2
SHA3-384 hash: 73a6ceac818a3c036fd8cb533d1ea8839f62b8f3c3ccff008ad9672c2567fb5bd462b64d2491506073185ab21a1badb6
SHA1 hash: 2e3e5417ade1a99c1470168802c7d1dde53c5ed4
MD5 hash: 0dccbf0633c01135b9b14343bdaad426
humanhash: grey-ack-rugby-aspen
File name: Module.jar
File size: 7'523'972 bytes
First seen: 2026-01-12 21:59:26 UTC
Last seen: 2026-01-13 18:18:18 UTC
File type: Java file jar
MIME type: application/zip
ssdeep 98304:pO4HvUEQ5NPepaMRvDzUZ+dgLAWXluI2Tn/rhAnlNQclIeME8uVIhmSjJFhaJK+2:ptHvB2JAxvHCc2ln279shOZEFS1GK+J0
TLSH T1907601277D8AC969D96744B351C281536A2A0AD9E80BD03F22E44DC95E71FCB03D2FED
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika jar
Reporter burger
Tags: jar WeedHack

Intelligence


File Origin
# of uploads: 2
# of downloads: 156
Origin country: NL
Vendor Threat Intelligence
No detections
Malware family: n/a
ID: 1
File name: stage_2_weedhack.jar
Verdict: No threats detected
Analysis date: 2026-01-10 21:14:06 UTC
Tags: java
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: jar
First seen: 2026-01-12T23:20:00Z UTC
Last seen: 2026-01-13T16:00:00Z UTC
Hits: ~10
Detections: UDS:DangerousObject.Multi.Generic

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 52 / 100
Signature
Joe Sandbox ML detected suspicious sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
[Behavior graph, ID 1849554. Sample: Module.jar; start date: 12/01/2026; architecture: WINDOWS; score: 52. Processes: cmd.exe started java.exe and conhost.exe. Network nodes: shed.dual-low.part-0029.t-0009.t-msedge.net, part-0029.t-0009.t-msedge.net, 2 other IPs or domains. Signatures: Multi AV Scanner detection for submitted file; Joe Sandbox ML detected suspicious sample.]

Threat name: Package.Trojan.Generic
Status: Suspicious
First seen: 2026-01-05 23:37:58 UTC
File Type: Package (Java)
Extracted files: 3279
AV detection: 5 of 36 (13.89%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Java file jar 860d8e949f7b486a81bcb7157b8df59cb29e9895ec1e214fef487d649c2aa6a2

(this sample)

  
Delivery method
Distributed via web download

Comments



commented on 2026-01-13 18:18:39 UTC

Stage 2 Weedhack Payload