MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 9


Intelligence 9 IOCs YARA 6 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213
SHA3-384 hash: 65455f02c469df42a2a6703a48fe7fec26be5d20dd5e8e1eae14cb26d4cc1af6abedefc68773cf9ca1ba1dba8d317c55
SHA1 hash: 55d4aaef34e3a7c59f2252180b28bdb383651ed3
MD5 hash: bec053796102aace66437c22db744908
humanhash: island-lamp-eight-timing
File name:Merger_and_Acquisition_Details.zip
Download: download sample
File size:65'149 bytes
First seen:2025-12-10 22:52:21 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 768:MXCKcrDS6gvS5DRf2Sk3pFR5CvefIqS/uSlmvb846u4/RDKz8e7Qge8aHxSa0CPy:MXCLVDtIPCmf50IIt8j7QgePSJUlamSb
TLSH T14E5302D1CC65264E9B4F075FD9C6E8AEC9303A9B7A830EBC0DC72285434A4E44FA13D9
Magika zip
Reporter smica83
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
35
Origin country :
HU HU
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/3def9d72-43ee-4727-ba56-c872c748f420/
Detection(s):
Sanesecurity.Foxhole.Zip_txt.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.28759.LnkHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.32317.LnkHeur.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.30774.LnkHeur.UNOFFICIAL
Create hunting rule

TwinWave.EvilDoc.DOCXRSTRGOOD._OUTFILE.220426B64.4.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.LOLBinOddLookPSHELL.20220711.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.OddLook.202207213.UNOFFICIAL
Create hunting rule

TwinWave.EvilLNK.HotMetalDobermans.20240516.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
95.7%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6939f9dca675b653bd0feabe
Tags:
infosteal virus miner
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Tags:
encrypted
Link:
https://www.filescan.io/uploads/6939f9dbcf690d27f3dbda89/reports/a3b8b67e-f2dd-4159-b4ba-a01de396242d/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213
Details
Document With Few Pages
Document contains between one and three pages of content. Most malicious documents are sparse in page count.
Hidden Powershell
Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Verdict:
Malicious
File Type:
zip
First seen:
2025-12-05T00:06:00Z UTC
Last seen:
2025-12-05T00:57:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213/results?tab=lookup
Score:
35%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213
Verdict:
Malware
YARA:
3 match(es)
Tags:
Batch Command DeObfuscated Execution: CMD in LNK Execution: PowerShell in LNK LNK LOLBin LOLBin:powershell.exe Malicious PowerShell PowerShell Call T1059.001 T1059.003 T1202: Indirect Command Execution T1204.002 Zip Archive
Link:
https://app.malva.re/file/bec053796102aace66437c22db744908
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/92d8996dca7f85e9800bdacf8b2286c7c43e791edcb503cc92c40e129c270213/
Threat name:
Win32.Trojan.WinLnk
Create hunting rule
Status:
Malicious
First seen:
2025-12-06 09:14:30 UTC
File Type:
Binary (Archive)
Extracted files:
5
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=slmjs3okp6c6taal3lhywiugy7cd46i63s2qhtesyqhbfhbhaijq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Detect_Remcos_RAT
Create hunting rule
Author:daniyyell
Description:Detects Remcos RAT payloads and commands
Rule name:EXT_EXPL_ZTH_LNK_EXPLOIT_A
Create hunting rule
Author:Peter Girnus
Description:This YARA file detects padded LNK files designed to exploit ZDI-CAN-25373.
Reference:https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
Rule name:LNK_sospechosos
Create hunting rule
Author:Germán Fernández
Description:Detecta archivos .lnk sospechosos
Rule name:Long_RelativePath_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies shortcut (LNK) file with a long relative path. Might be used in an attempt to hide the path.
Rule name:PS_in_LNK
Create hunting rule
Author:@bartblaze
Description:Identifies PowerShell artefacts in shortcut (LNK) files.
Rule name:Sus_CMD_Powershell_Usage
Create hunting rule
Author:XiAnzheng
Description:May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments