MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c5c779cf6458216f4ef3ba9ca082b1482b9f1b04ec803123de1e79b30fb3e9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 8

SHA256 hash: 9c5c779cf6458216f4ef3ba9ca082b1482b9f1b04ec803123de1e79b30fb3e9d
SHA3-384 hash: 30926d646a8fc0aebf8e7e4a5ad088efa8e893ca93fa2c0532606237e2de8361cb0066603c8c9f980e58fba533a7ecda
SHA1 hash: 51dd70a085e3c5362124562b9b0c7c0a075f1b95
MD5 hash: 65f2a72ea0489f8bd230c65538343f40
humanhash: aspen-lactose-victor-six
File name: Cover.zip
File size: 1'128'204 bytes
First seen: 2025-12-23 10:55:48 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 12288:75f+oMfespqRq27sXC4SNhNjdCSBUPn2Y9mH1kStBW2H6vWB92N4+YjOR38GPUE2:7LKpmq2pM2tVkiEuxU++LN2oJO
TLSH: T1253533A36B832B60D6FCCBF6CDDF28C526D060875AF579493FAC218A5CA6410977D348
TrID: 66.6% (.XPI) Mozilla Firefox browser extension (8000/1/1); 33.3% (.ZIP) ZIP compressed archive (4000/1)
Magika: zip
Reporter: JAMESWT_WT
Tags: cover, thepiratebay-st, zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 37
Origin country: IT

File Archive Information

This file archive contains 21 files, sorted by their relevance:

File name: RealtekCodec.bat
File size: 833 bytes
SHA256 hash: f32ef0d43b7030d470935102c8cd0ae2b2b1c9e3cb8e4ad7a7912c1c30eeb679
MD5 hash: 77a9d6a80f7481d3f7d68fa3b7f34e71
MIME type: text/x-msdos-batch

File name: RealtekAudioSyncHelper.bat
File size: 226 bytes
SHA256 hash: 997176a7d2a65627a3c4f5f3ba4ce1d7db456342a8a213b830c862f1284b00a1
MD5 hash: a283c482233fff9144484fdc07eb68f0
MIME type: text/x-msdos-batch

File name: part2.txt
File size: 69'862 bytes
SHA256 hash: 8cc89a6b7057a1562b1ed18186fd0617511a7d7ee7d6ed551feaf89a07036d4e
MD5 hash: 278f4a9e8b4cd52968a042ee91d00ac6
MIME type: text/plain

File name: {AFBF97F1A-4EE4-1a17-AF34-C647E37CA0D9}.1.ver0x0001000000000002.db
File size: 160 bytes
SHA256 hash: 1c444c64b4d52a8de53ed9b976d867d5f7fadbd18d957651a3b4faafd9ac89a7
MD5 hash: d490857cb09db982f14b27b52e132e17
MIME type: text/plain

File name: {ABBF9F3A-4EE4-1C17-AF33-C637E37CA0D9}.1.ver0x0200040000100002.db
File size: 1'049'293 bytes
SHA256 hash: 768619b03596bf7969d5830c15d12abfe7ff75a918a5dffd15680d2f1e303ef1
MD5 hash: 71a5f74c13829ef5f88b5668ee580379
MIME type: text/plain

File name: {AFBF9F1A-1EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
File size: 72 bytes
SHA256 hash: 46d4927f685dd5220acd7a3e013eefa0f34af031ab82a31ae697b020c48fb7a6
MD5 hash: 8768542d9d30cd963af7c575770a802b
MIME type: text/plain

File name: Part3.Resolution
File size: 2'762 bytes
SHA256 hash: d3ef9f47ab20192f4f1acb7098a4481f2faca5778e3e31e8aa61414af87328d7
MD5 hash: 2b04f5e11f985670bb5bf4d87409aebd
MIME type: text/plain

File name: part3.txt
File size: 69'862 bytes
SHA256 hash: e04550c560262545b88a0510112a6aaeda1d78e0384aa5c4a3c54ae4341148c8
MD5 hash: f13f674ab0c71e9b06fa165da04f38a4
MIME type: text/plain

File name: AudioTask.xml
File size: 1'616 bytes
SHA256 hash: f5e1ac589881d19d7015c095751e5de2f63882a90a34d31d70cf4ab8d18109d8
MD5 hash: 8ae3ec0d127cb27d7cf9d85be7e0ecd0
MIME type: text/xml

File name: RealtekAudioService.go
File size: 744 bytes
SHA256 hash: 03db7129f32a3bd751373cbe2963a6f169529a38ceedebe18c5d94cd327f4d12
MD5 hash: 70ca63a734dd582e729a215a869370a5
MIME type: text/x-c

File name: {AFBF9F1A-2EE2-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
File size: 56 bytes
SHA256 hash: 2f5d7f8f609edfb152d1de8453a1e091cdf67504712928f529cd8701956d0c15
MD5 hash: b7e96b2e4c3335a6b640a95f8280ad90
MIME type: text/plain

File name: {AFBF9F1A-3EE3-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
File size: 32 bytes
SHA256 hash: be5088e885c98b190c9d478f7d65f2c3f7b3c56ea00c0aa77a3a54b84679abee
MD5 hash: cc3cc004225eb76f0f43f1997d7583df
MIME type: text/plain

File name: {AFBF97F1A-4EE4-1a17-AF34-C647E37CA0D9}.1.ver0x0343400000000002.db
File size: 112 bytes
SHA256 hash: 4cb823e8a3c14c172eb7c9f79250dee320b5925a0ad1911666d38b5a8b20f032
MD5 hash: 61eb5d761662801dda9c6f9488ddbde0
MIME type: text/plain

File name: RealtekDriverInstall.ps1
File size: 5'009 bytes
SHA256 hash: 512b423032c7c8c717ed051b1793fbbc90156719f1b4e68f98bccb02c9f93ccc
MD5 hash: 4e75e7fea0f7448ea03592b2a9b86b45
MIME type: text/plain

File name: {AFBF9F2A-4EE4-4C27-AF34-C647E37CA0D9}.1.ver0x0000300002000403.db
File size: 2'184'154 bytes
SHA256 hash: 0ea37960060f8105d7d1e04c76f91e2d2f87060cac77159bee0f65a715e3ad0f
MD5 hash: 95a55efc3fe3436fb2ff45954a75454d
MIME type: text/plain

File name: {AFBF9F1A-4EE4-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000003.db
File size: 48 bytes
SHA256 hash: 74fb81bfc292132a0286e18b1918ee01628c4970513b76912e13a159b507dceb
MD5 hash: c8ecb2329e493a72171cc08e2bcc9eaa
MIME type: text/plain

File name: part1.txt
File size: 69'862 bytes
SHA256 hash: 0aef6119f4b0803e626f91e8ec4922a87a969096f716fea503b773031d09654f
MD5 hash: 16eacd106a990b765690c7f6ad34bb66
MIME type: text/plain

File name: {AFBF9F3A-4EE4-1C17-AF32-C647E37CA0D9}.1.ver0x0000040000000002.db
File size: 520 bytes
SHA256 hash: 0a572ee5508d9310936801a04237d56f118dff4dbaa98f60070988cc4b8ca460
MD5 hash: 6a08392ecf95df7fc91917dcfaae8da6
MIME type: text/plain

File name: RealtekAudioService.db
File size: 19'361 bytes
SHA256 hash: 6c8bcd3e3d0ff6ff8d63aaa5476da66294d27a21ecb701a0189d6432a73a7b05
MD5 hash: e37adf49e9186ff900ac5ded3f4d0890
MIME type: text/plain

File name: RealtekUpdateDriver.ps1
File size: 1'181 bytes
SHA256 hash: bd681b907f581e888591c65caa1a1f3bd68b643e10993710a8f15165348d603e
MD5 hash: 9206db28a0b6ab71f43543858bfd7fa4
MIME type: text/plain

File name: {AFBF9F1A-4EE4-1C17-AF34-C647E37CA0D9}.1.ver0x0000000000000005.db
File size: 56 bytes
SHA256 hash: 4031f071731e1f82b562736ac9ebb4d0984abb7dfa9f070f60247645f8bb18ae
MD5 hash: 98bf357c14f97108f46d90af0d3302df
MIME type: text/plain
Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Base64 Encoded URL. Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict: Malicious
File type: zip
First seen: 2025-12-23T09:31:00Z UTC
Last seen: 2025-12-23T10:08:00Z UTC
Hits: ~10
Threat name: Win32.Trojan.Boxter
Status: Malicious
First seen: 2025-12-23 10:56:16 UTC
File type: Binary (Archive)
Extracted files: 21
AV detection: 8 of 36 (22.22%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: defense_evasion, discovery, execution, persistence
Behaviour:
  Suspicious behavior: EnumeratesProcesses
  Suspicious use of AdjustPrivilegeToken
  Command and Scripting Interpreter: PowerShell
Malware Config
Dropper Extraction: https://go.dev/dl/go1.25.1.windows-amd64.zip

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: DetectEncryptedVariants
Author: Zinyth
Description: Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name: Detect_Golang_Binary
Author: Andrew Morrow
Description: Detects binaries compiled with Go

Rule name: detect_powershell
Author: daniyyell
Description: Detects suspicious PowerShell activity related to malware execution

Rule name: Detect_PowerShell_Obfuscation
Author: daniyyell
Description: Detects obfuscated PowerShell commands commonly used in malicious scripts.

Rule name: FreddyBearDropper
Author: Dwarozh Hoshiar
Description: Freddy Bear Dropper is dropping malware through a base64 encoded PowerShell script.

Rule name: GoBinTest

Rule name: golang_binary_string
Description: Golang strings present

Rule name: RANSOMWARE
Author: ToroGuitar

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May contain (obfuscated or not) PowerShell or CMD commands that can be abused by a threat actor (can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.
