MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88235f67f1c524b73ece960f28815d62bc822f4586e292acefcbe5e8e9d7f5ad. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 88235f67f1c524b73ece960f28815d62bc822f4586e292acefcbe5e8e9d7f5ad
SHA3-384 hash: 14e79a91aedd065066a9a1c57a7cb2e23a5df2bb56431026bf2862f1a6c0c4910f7ad4fc852e8f52d5a9c4e457dd80f3
SHA1 hash: 8a00ee577458e9c6481c35658c4f3cbfafe149e4
MD5 hash: 1383e309712189f66d42e9fda852a389
humanhash: don-zulu-autumn-freddie
File name: class
File size: 91'279'141 bytes
First seen: 2026-02-04 16:09:56 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1572864:OOYxI4pxtGhf2byZw25/L1eV01S2IaCWZDYt8OB/ZKp1CaQQhWWJoZgF0d73jSfB:OOKI4pSlRw2/I3025B/sp1CQh9OC+REB
TLSH: T1F61833087D22259EFE3D9530C4585274E7A0022545B2ACF68A2E22D335D3FCB5B79B7E
Magika: zip
Reporter: monitorsg
Tags: SmartApeSG zip


monitorsg
hXXps://mezcalpro[.]com/scq (injected) --> hXXps://socialitei[.]com/callback/logout-payload.js --> hXXps://socialitei[.]com/callback/proxy-parser.php --> hXXps://socialitei[.]com/callback/refresh-parser.js (clickfix) --> hXXp://193[.]42.38.38/func (HTA) --> hXXps://neymbus[.]com/func (HTA) --> hXXps://193[.]42.38.38/class (ZIP)

Intelligence


File Origin
# of uploads: 1
# of downloads: 202
Origin country: US
Vendor Threat Intelligence
Result
Verdict: SUSPICIOUS
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Malware family: n/a
Score: 5/10
Tags: n/a
Behaviour
Suspicious behavior: EnumeratesProcesses
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip 88235f67f1c524b73ece960f28815d62bc822f4586e292acefcbe5e8e9d7f5ad (this sample)

Delivery method: Distributed via web download
