MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9198fcb2773bcf69824cc04771ce264a7b14854b2b7fafaa62f9ffa4aed5356. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 10



SHA256 hash: a9198fcb2773bcf69824cc04771ce264a7b14854b2b7fafaa62f9ffa4aed5356
SHA3-384 hash: 9c5e200b7d1c5d9517961e6870e328b0b190dca5df70f89f1cd0cebcaa5e60c5674c2f38a11bec11c8cfaa8e44008a28
SHA1 hash: 4f7221c797aa6c0cd51541b708bd2b59b7e86174
MD5 hash: 891ce5b03c67c33343f641d244f96812
humanhash: vegan-network-avocado-foxtrot
File name: a9198fcb2773bcf69824cc04771ce264a7b14854b2b7fafaa62f9ffa4aed5356
File size: 1'387'699 bytes
First seen: 2026-05-21 19:16:54 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 24576:8oZjxbq9j8XJlqrGAuImQIMESQ+hcqMXHC0Clwi6/CttWaRPMU9Y:8oZ9bq+MmMEL+hcjXHC/wnwdPMUS
TLSH: T15D553387413C18C44F3D066767AF996CA2259AFC20070C777766446B353F3AF8AB998E
Magika: zip
Reporter: johnk3r
Tags: eth stealer zip


johnk3r
Payload:

{
  "jsonrpc": "2.0",
  "method": "eth_call",
  "params": [
    {
      "to": "0x1823A9a0Ec8e0C25dD957D0841e3D41a4474bAdc",
      "data": "0x3bc5de30"
    },
    "latest"
  ],
  "id": 1
}

Intelligence

File Origin
# of uploads: 1
# of downloads: 340
Origin country: CH
File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name: 57
File size: 78'848 bytes
SHA256 hash: fd213469fee39d407e9f4c76a55e91c09129eeccf2f2f51d7d3766d8c98f2c6f
MD5 hash: dadcd51dac745c91fc2de0a60a16f69a
MIME type: application/octet-stream

File name: 45
File size: 401'920 bytes
SHA256 hash: 66ad3aa81a07c6ce2c6189d56a2ae91f036d21ef5db21df2aeebd2a1e719f780
MD5 hash: 8dd3c38b9f1f41fad642751e1a031e62
MIME type: application/octet-stream

File name: 4
File size: 512 bytes
SHA256 hash: 3d01b9e48f8d40d473c63508cca3a3e135f70a224fcfbd50f0632074b4b473d7
MD5 hash: 300553f9742d695d93c6de4517fee850
MIME type: application/octet-stream

File name: 81
File size: 1'342'464 bytes
SHA256 hash: 5da81e8dbc9ccf31b052a4ff65677b94af98792d8e2b0f5774e862e139c0eb5b
MD5 hash: ae9be0e42a508bfbda5f1465ebce8e42
MIME type: application/octet-stream

File name: COFF_SYMBOLS
File size: 101'514 bytes
SHA256 hash: 1f3925824d2be30ca31a47c59a92d738993ce84884b4a170201e5bc6ab62947a
MD5 hash: dc2f2c2530f634f5f132c4cd4d91bc71
MIME type: application/octet-stream

File name: 31
File size: 5'120 bytes
SHA256 hash: a74afbced614619970caef04000f94df74ee565cf7ca6839efbc65dfd5933027
MD5 hash: f93f6dffb0d3cde2f4280573d837a36a
MIME type: application/octet-stream

File name: lua51.dll
File size: 3'531'914 bytes
SHA256 hash: c7a657af5455812fb215a8888b7e3fd8fa1ba27672a3ed9021eb6004eff271ac
MD5 hash: 4ebd617a3ad9a9619172bd14a902a400
MIME type: application/x-dosexec

File name: 70
File size: 3'072 bytes
SHA256 hash: 584d0626d62e8302628934d61dd84211adb50764e01e67212d1df2e6cea812cb
MD5 hash: a580b62057be8337b1bf2be3a4832059
MIME type: application/octet-stream

File name: 92
File size: 281'600 bytes
SHA256 hash: afb724056fec9db29acbb3d6934dd10d70815b7c8c9f693451fc3df3860ea1b6
MD5 hash: 27a9885bb58ae9301a79c5e0d1439014
MIME type: application/octet-stream

File name: luajit.exe
File size: 100'900 bytes
SHA256 hash: 5343326fb0b4f79c32276f08ffcc36bd88cde23aa19962bd1e8d8b80f5d33953
MD5 hash: 00f60ee3ff2dee681b5d7d442009b2c2
MIME type: application/x-dosexec

File name: 19
File size: 817'664 bytes
SHA256 hash: 0935f87a2b59d654ffa1505c941fa61b713c1bfa8f8146f69c9c0f74e8e35a1e
MD5 hash: 6b12add95e4beff1fc1d14c47c5d536a
MIME type: application/octet-stream

File name: resource.txt
File size: 341'396 bytes
SHA256 hash: b1ec642be9b19043d37d0079339ce2326a4b50dab81e482b3a3fa3137f8dc088
MD5 hash: 9110e3e0df38bb9988ce65d45e79abb1
MIME type: text/plain

File name: Launcher.cmd
File size: 29 bytes
SHA256 hash: 2bdfb6a368c2ec0a98d7420653fa4c6304acf09ec0bb26214ec9095631e7b1b7
MD5 hash: 4ed0a94ac7f2cdaa1d5e87e06722ef6f
MIME type: text/plain
Vendor Threat Intelligence

Verdict: Malicious
Score: 70%
Tags: injection

Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: anti-debug crypto mingw overlay packed

Verdict: Malicious
File Type: zip
First seen: 2026-05-21T04:16:00Z UTC
Last seen: 2026-05-21T16:44:00Z UTC
Hits: ~10
Detections: Trojan.Script.Agent.gen
Threat name: Win32.Trojan.Ravartar
Status: Malicious
First seen: 2026-05-21 08:29:24 UTC
File Type: Binary (Archive)
Extracted files: 4
AV detection: 8 of 24 (33.33%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Capability_Embedded_Lua
Author: Obscurity Labs LLC
Description: Detects embedded Lua engines by looking for multiple Lua API symbols or env-var hooks

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: golang_bin_JCorn_CSC846
Author: Justin Cornwell
Description: CSC-846 Golang detection ruleset

Rule name: HUNTING_SUSP_TLS_SECTION
Author: chaosphere
Description: Detect PE files with .tls section that can be used for anti-debugging
Reference: Practical Malware Analysis - Chapter 16

Rule name: pe_detect_tls_callbacks

Rule name: VECT_Ransomware
Author: Mustafa Bakhit
Description: Detects activity associated with VECT ransomware. This includes registry modifications and deletions, execution of system and defense-evasion commands, suspicious API usage, mutex creation, file and memory manipulation, ransomware note generation, anti-debugging and anti-analysis techniques, and embedded cryptographic constants (SHA256) characteristic of this malware family. Designed for threat intelligence and malware detection environments.

Rule name: vmdetect
Author: nex
Description: Possibly employs anti-virtualization techniques

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments