MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 27 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4
SHA3-384 hash: ff33cd0837eff3fe7d727b5e7e1d481ee166fc9758d577705ad7f2108ad7308c759af8f60bd84ce416db060c3a291d22
SHA1 hash: 271c283d5cd2ab87199ac7da3cce959c130d0286
MD5 hash: 97133e97b41478eaf5ac99368d398505
humanhash: bluebird-texas-mars-violet
File name:SWIFT.zip
Download: download sample
File size:1'285'262 bytes
First seen:2025-11-17 12:26:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 24576:Qfb6tlyhhwHwwg/Xqtbg3XnY21iLPg/cHjfjBZwJw606Iyq:9tlyhuwz/XqWnjib7jBZE2gq
TLSH T1BA5533957DECEE50DEE671201F883F806FEE27160E74299C21722828D44AEE3627735D
Magika zip
Reporter cocaman
Tags:SWIFT zip


Avatar
cocaman
Malicious email (T1566.001)
From: "jonax@thecheapestyoucanget.cheap" (likely spoofed)
Received: "from thecheapestyoucanget.cheap (thecheapestyoucanget.cheap [147.189.170.170]) "
Date: "12 Nov 2025 14:12:29 -0800"
Subject: "Re: SOA JANUARY - AUGUST 2025 (REVISED)"
Attachment: "SWIFT.zip"

Intelligence

File Origin
# of uploads :
1
# of downloads :
106
Origin country :
CH CH
File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name:SWIFT.exe
File size:23'080 bytes
SHA256 hash: e07c9a9d694a9dd7cae737c6c70c44b57ab0e4e3908aef104413ef6adf392922
MD5 hash: 52c02aaef956ab47c0a00468e21ecc0e
MIME type:application/x-dosexec
File name:api-ms-win-crt-heap-l1-1-0.dll
File size:20'936 bytes
SHA256 hash: 43c80120970be1efed3ea60bf7aa37b46fcce946b94fb11ca6e3ffff2f16bb29
MD5 hash: bacc491eb1dee4786ade841e7b480cd8
MIME type:application/x-dosexec
File name:concrt140e.dll
File size:298'202 bytes
SHA256 hash: 9c80b9496648175f4ed3d1c84b344948b7446d61593219a3c913a2567a26eab8
MD5 hash: aae8fea4f769f9506d94d0a442d08461
MIME type:application/octet-stream
File name:api-ms-win-crt-string-l1-1-0.dll
File size:25'032 bytes
SHA256 hash: 4429b8e6707645fb503ebc3bd50ce2a84f559b6a2ed778196835808bdfec2f48
MD5 hash: 535d1195f493f7d92fe9007258494ebc
MIME type:application/x-dosexec
File name:VCRUNTIME140.dll
File size:85'784 bytes
SHA256 hash: 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
MD5 hash: 1453290db80241683288f33e6dd5e80e
MIME type:application/x-dosexec
File name:api-ms-win-crt-math-l1-1-0.dll
File size:29'120 bytes
SHA256 hash: 5ba8f9c2842990ccdb447fc6d22023103b03f5387f341d3375809f060b5bb4ef
MD5 hash: 0936c89e36a8bac313de187e50c61078
MIME type:application/x-dosexec
File name:api-ms-win-crt-filesystem-l1-1-0.dll
File size:20'928 bytes
SHA256 hash: 42a99227775e85ca8c197811a86aad0e2af496bd21623e4c9a2dd747571c8990
MD5 hash: bbbf361746440219a3f7933ced5234bb
MIME type:application/x-dosexec
File name:api-ms-win-crt-stdio-l1-1-0.dll
File size:25'032 bytes
SHA256 hash: c1541ed4dc6879a136bf532393f7cefd3c48ad371d2ed9965e7cbd44c87a1137
MD5 hash: a3f3ffcde3dd59cc94fb7dba16715671
MIME type:application/x-dosexec
File name:api-ms-win-crt-runtime-l1-1-0.dll
File size:25'040 bytes
SHA256 hash: 698fa887c5b994375c9271222e21d0d4c74810e73d377ad898927549fb69dcb3
MD5 hash: 01380df01b9e61fc241f82f8fb984c2d
MIME type:application/x-dosexec
File name:api-ms-win-crt-convert-l1-1-0.dll
File size:25'032 bytes
SHA256 hash: 2ccb01b62188ddc051a582c128bf880608111c602534e487ec09a7cf67c22d17
MD5 hash: cf95a8f66313283f046ba9e6e5cdbba4
MIME type:application/x-dosexec
File name:jli.dll
File size:1'840'640 bytes
SHA256 hash: c0baf892597238aa02ccc4fdd3e9d56e2d870d04d933ae67c3463cc3cc3cab7f
MD5 hash: ca3bb771bacb080c5e664a531650792d
MIME type:application/x-dosexec
File name:api-ms-win-crt-locale-l1-1-0.dll
File size:20'936 bytes
SHA256 hash: 6011ece89f4833dcb4cefb02ea366b828725205eae6f25ab704b76fd9e5d86eb
MD5 hash: fb992bbb73e0127c70d075f81e52aaf9
MIME type:application/x-dosexec
File name:api-ms-win-crt-environment-l1-1-0.dll
File size:20'936 bytes
SHA256 hash: 5a2ae5b270c1eaf467878e7f5dbdc689b71914bdf30293d7d46c01d9dd11bdd4
MD5 hash: 71407c52ff12b113cc0498fdd42db8dc
MIME type:application/x-dosexec
Vendor Threat Intelligence
Verdict:
Clean
Score:
84.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68fb57743bdc93eb0563ce5c
Tags:
n/a
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4/results/dashboard
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4
Verdict:
Malicious
File Type:
zip
First seen:
2025-11-12T20:11:00Z UTC
Last seen:
2025-11-12T20:34:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4/results?tab=lookup
Score:
90%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/97133e97b41478eaf5ac99368d398505
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4/
Threat name:
Win64.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-11-13 14:35:00 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
19 of 36 (52.78%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rteyj6ho5rnxskmosn54ii2se53yvkq2cgwjnyxnthank5bio2sa._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
n/a
Link:
https://tria.ge/reports/251117-prxjgaxrdt/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.15
Link:
https://yomi.yoroi.company/submissions/8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__MemoryWorkingSet
Create hunting rule
Author:Fernando Mercês
Description:Anti-debug process memory working set size check
Reference:http://www.gironsec.com/blog/2015/06/anti-debugger-trick-quicky/
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:pe_detect_tls_callbacks
Create hunting rule
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

zip 8cc984f8eeec5b79298e937bc4235227778aaa1a11ac96e2ed99c0d5742876a4

(this sample)

2ccb01b62188ddc051a582c128bf880608111c602534e487ec09a7cf67c22d17

  
Delivery method
Distributed via e-mail attachment
  
Dropping
SHA256 2ccb01b62188ddc051a582c128bf880608111c602534e487ec09a7cf67c22d17
  
Dropping
SHA256 5a2ae5b270c1eaf467878e7f5dbdc689b71914bdf30293d7d46c01d9dd11bdd4
  
Dropping
SHA256 42a99227775e85ca8c197811a86aad0e2af496bd21623e4c9a2dd747571c8990
  
Dropping
SHA256 43c80120970be1efed3ea60bf7aa37b46fcce946b94fb11ca6e3ffff2f16bb29
  
Dropping
SHA256 6011ece89f4833dcb4cefb02ea366b828725205eae6f25ab704b76fd9e5d86eb
  
Dropping
SHA256 5ba8f9c2842990ccdb447fc6d22023103b03f5387f341d3375809f060b5bb4ef
  
Dropping
SHA256 698fa887c5b994375c9271222e21d0d4c74810e73d377ad898927549fb69dcb3
  
Dropping
SHA256 c1541ed4dc6879a136bf532393f7cefd3c48ad371d2ed9965e7cbd44c87a1137
  
Dropping
SHA256 4429b8e6707645fb503ebc3bd50ce2a84f559b6a2ed778196835808bdfec2f48
  
Dropping
SHA256 9c80b9496648175f4ed3d1c84b344948b7446d61593219a3c913a2567a26eab8
  
Dropping
SHA256 c0baf892597238aa02ccc4fdd3e9d56e2d870d04d933ae67c3463cc3cc3cab7f
  
Dropping
SHA256 e07c9a9d694a9dd7cae737c6c70c44b57ab0e4e3908aef104413ef6adf392922
  
Dropping
SHA256 2b7602cc1521101d116995e3e2ddfe0943349806378a0d40add81ba64e359b6c
  
Dropping
MD5 aae8fea4f769f9506d94d0a442d08461
  
Dropping
MD5 ca3bb771bacb080c5e664a531650792d
  
Dropping
MD5 52c02aaef956ab47c0a00468e21ecc0e

Comments