MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6a748c0606fb9600fdf04763523b7da20b382b054b875fdd1ef1c36fc16079a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: a6a748c0606fb9600fdf04763523b7da20b382b054b875fdd1ef1c36fc16079a
SHA3-384 hash: 020522f72177fb5337c4e6a23b78d37e32dc13689238fef96cff9a6ffb61cd080e02f37ae69e33a61c14a6ca4ff4c084
SHA1 hash: b62b2b505eb298c068e5a7f1af8a6ebff54e307f
MD5 hash: 6f4b9261aad4a7b30c0afef6ff19778e
humanhash: hotel-tango-sierra-india
File name: zip
File size: 85'328'653 bytes
First seen: 2026-03-23 17:09:07 UTC
Last seen: 2026-03-25 00:49:36 UTC
File type: zip
MIME type: application/zip
ssdeep 1572864:FTuLl2XD9uUeuQPUzkRXjJKY0BvcwyA0d4eb5KskiIjsezwMG2:FTu4uUejszmXj9y0F5DkizI
TLSH T1C51833DDA3654A4851AFBDF02D473D8BF17A0E1430BA8025DC07B39A7A7B9C1227865F
Magika: zip
Reporter: monitorsg
Tags: file-pumped, SmartApeSG, zip


monitorsg
hXXps://ijels[.]com/ch (injected) --> hXXps://vcretysec[.]top/redirect/secure-schema.js --> hXXps://vcretysec[.]top/redirect/verify-thread.php --> hXXps://vcretysec[.]top/redirect/router-serializer.js (clickfix) --> hXXps://frescotrem[.]com/rs/doc (HTA) --> hXXps://frescotrem[.]com/ts/zip (ZIP)

Intelligence


File Origin
# of uploads: 2
# of downloads: 218
Origin country: US
File Archive Information

This file archive contains 38 file(s), sorted by their relevance:

File name: metashape.exe
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 130'548'608 bytes
SHA256 hash: 6dd50f7c8a5cc34128283d98db5f636c50cd89b196ffe612f24d9529c6195e56
MD5 hash: 47d3e92d2d60be1028b117451693854e
De-pumped file size: 130'538'496 bytes (vs. original size of 130'548'608 bytes)
De-pumped SHA256 hash: 7bdc75eeecbb5d58106041c83c8c4ff9b5726c29a9575efaf430bac19b85f83a
De-pumped MD5 hash: 543cc3ce2f5313f2a11c521b90412210
MIME type: application/x-dosexec
Vendor Threat Intelligence
Result
Verdict: UNKNOWN
Details
Windows PE Executable: Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip a6a748c0606fb9600fdf04763523b7da20b382b054b875fdd1ef1c36fc16079a

(this sample)

  
Delivery method: Distributed via web download
