MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

MaksRAT

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a
SHA3-384 hash:	db4018260214ef516731165fdbb8d24da9e6155a42f21d76de2d37e0361a889e2a46ac40600cb59c8c0dad9c38eecb17
SHA1 hash:	783384c4febd9a64b6f7c0216c3ed61cdcdb157a
MD5 hash:	37bdd9f5f2621037d05d456e05919b4b
humanhash:	carpet-saturn-table-violet
File name:	884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a.jar
Download:	download sample
Signature	MaksRAT Create hunting rule
File size:	31'816 bytes
First seen:	2025-12-10 07:07:39 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	768:Y0yKkwFYH4M64JUldfFfyTmRr7sTZwvMnWSPAN5FHbuvAWdbI5yC:+KkLH44qB5yKrS9nw8RdOx
TLSH	T1D3E2F14D78B0F68AF33AC4D5852838DE22B7640F8BCA8398D442D8017B67C9FCD642D4
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	JAMESWT_WT
Tags:	foldacces-online maksrat rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name:	Pussss.class
File size:	88'847 bytes
SHA256 hash:	8ab5503f2886dd32bc40e214615dcd7be0ccb01e9ff75eef75b330d2632727d4
MD5 hash:	a1fd688259fe274dc7309c256fa055f4
MIME type:	application/x-java-applet
Signature	MaksRAT

File name:	MANIFEST.MF
File size:	51 bytes
SHA256 hash:	b2b2e474b53a82f0a91470b8e83a7ab71a3ac3f95d8e4ac82cdd89980f4f7548
MD5 hash:	c8346c59cc5c903ac33216376ae67b04
MIME type:	text/plain
Signature	MaksRAT

File name:	mcmod.info
File size:	299 bytes
SHA256 hash:	148ee94193034bad245b8424d934e07050c3250525c2fc77fe8882e1e6a4ad35
MD5 hash:	789bf4ee825947974a0aacee796e2e2e
MIME type:	text/plain
Signature	MaksRAT

File name:	PussyClient.class
File size:	15'306 bytes
SHA256 hash:	41fb3db50350561fe2b43ff8dffb0328a372baca9ecee2e8b3ea75a33844a04d
MD5 hash:	095e4c368e44dcca6e68841333fdfee6
MIME type:	application/x-java-applet
Signature	MaksRAT

File name:	iiyjbyjvbqiuvlyi.class
File size:	309 bytes
SHA256 hash:	f3b71c901434175d63baad58693d8fc6fb581bc456b914d23d375c62c97510eb
MD5 hash:	d8c3c3f001867038afb53c5c76dc41d4
MIME type:	application/x-java-applet
Signature	MaksRAT

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/434832f4-9197-48ec-bdae-ce96c6f6499f/

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69391c66bde6a3e5970fb376

Tags:

virus java

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69391c6298941bdf1de5a197/reports/79a69837-2cf9-4d4c-b1ba-c5efe9905d6e/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a

Verdict:

Malicious

File Type:

rar

First seen:

2025-12-10T04:14:00Z UTC

Last seen:

2025-12-10T04:33:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/37bdd9f5f2621037d05d456e05919b4b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a/

Verdict:

Malicious

Threat:

Trojan-PSW.Java.Stealer

Link:

https://tip.neiki.dev/file/884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a

Threat name:

ByteCode-JAVA.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-11-24 07:26:06 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

7 of 24 (29.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rbh6hdy7q7765kdh26pzekaa7xx3nblnthwcymbcav72m4brpiva._file

Result

Malware family:

n/a

Score:

8/10

Tags:

credential_access defense_evasion discovery execution persistence stealer

Link:

https://tria.ge/reports/251210-knyvxawpfl/

Behaviour

Enumerates system info in registry

Kills process with taskkill

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Browser Information Discovery

Drops file in Windows directory

Adds Run key to start application

Loads dropped DLL

Command and Scripting Interpreter: PowerShell

Uses browser remote debugging

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/884fe38f1f87ffeea867d79f922800fdefb6856d99ec2c3022057fa670317a2a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample