MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88b4057f963af355ea024e3d09cdce27e41682871e9e59902a2d43329b467baf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA 1 File information Comments

SHA256 hash:	88b4057f963af355ea024e3d09cdce27e41682871e9e59902a2d43329b467baf
SHA3-384 hash:	0d17a22b46bf711572d727b1920f953642ed354973c514a2a01dfa1faa5d9075ddd7deb7cb649aea050dace78009260d
SHA1 hash:	eff1b3985822a6e37b6d297010d1fe835969490f
MD5 hash:	53e153c33e1e498d3fc1bf5d28cfd7a1
humanhash:	four-queen-sad-magazine
File name:	stego.zip
Download:	download sample
File size:	4'647'870 bytes
First seen:	2026-06-29 15:59:02 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	98304:dUh4I/PQVZv/WLOmsjOjh5hM2hTZ8IYr02NN845HAXAVh:e4I3s6AOjhI2h+YSDh
TLSH	T10E263343C93AA8D6ECBE269392436DC81916539A6B25F95F0CD8F78178216F47B3D330
Magika	zip
Reporter	JAMESWT_WT
Tags:	216-9-224-48 kzaa-co-za Spam-ITA stego xambby--tourtrade-shop zip

Intelligence

File Origin

# of uploads :

# of downloads :

178

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	stego
File size:	4'762'496 bytes
SHA256 hash:	050d4043af02c7cfaf00f257f28e8c8313f6f444c843def486fc2141d379da49
MD5 hash:	83bf51bd93b6db1b112f6ad8c45241b4
MIME type:	image/jpeg

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/e796e8ee-c42f-4fda-a84b-ef10d305613e/

Detection(s):

SecuriteInfo.com.Generic-EXE.UNOFFICIAL

TwinWave.EvilImg.MZSmuggerlsRideAllNight1.20231012.UNOFFICIAL

TwinWave.EvilIMG.MZSmugglersRideAllNight.M2.20231012.UNOFFICIAL

TwinWave.EvilZip.OnAndOn.20221219.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a32969854a045c34089e7b2

Tags:

shellcode virus msil

Result

Verdict:

Unknown

File Type:

ZIP File

Link:

https://app.docguard.net/88b4057f963af355ea024e3d09cdce27e41682871e9e59902a2d43329b467baf/results/dashboard

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

base64 cmd cscript lolbin msbuild obfuscated overlay packed regasm runonce vbc wscript

Link:

https://www.filescan.io/uploads/6a4296607e84217ac4f61c6c/reports/32550b18-94f9-401f-804a-fd06ebe6097d/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/88b4057f963af355ea024e3d09cdce27e41682871e9e59902a2d43329b467baf

Verdict:

Unknown

File Type:

zip

Link:

https://opentip.kaspersky.com/88b4057f963af355ea024e3d09cdce27e41682871e9e59902a2d43329b467baf/results?tab=lookup

Score:

33%

Verdict:

Susipicious

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample