MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


WeedHack


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054
SHA3-384 hash: e9fa5b61852ed370e1dc02cf8a26e1b9101e1e635527b78df3d0f8b775d790c30ea66ed6d68319f59a3545ba29dd10f0
SHA1 hash: e9e9935b9240d880242e008f80124ab7f452cef7
MD5 hash: a5cf8bbba30068b02018d55acce90ddb
humanhash: uniform-bluebird-minnesota-triple
File name:Azolek-1.jar
Download: download sample
Signature WeedHack
Create hunting rule
File size:25'648 bytes
First seen:2026-04-17 16:07:45 UTC
Last seen:Never
File type:Java file jar
MIME type:application/zip
ssdeep 384:g3w9gntIac1iAhqslHFQaAPYMfqZBBkSuHrBBOtYc7YNdLGqYDhp63dEou9dG07W:K9ne1icpFgPEOSuHrBIYDFPdED9dG0K
TLSH T1B2B2CF7A830BC208E4178739D6CAAC677A5654C68441B73FE0B0939F47A6BEF4B84F44
TrID 77.1% (.JAR) Java Archive (13500/1/2)
22.8% (.ZIP) ZIP compressed archive (4000/1)
Magika jar
Reporter burger
Tags:jar WeedHack

Intelligence

File Origin
# of uploads :
1
# of downloads :
70
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Malware family:
n/a
ID:
1
File name:
Azolek-1.jar
Verdict:
Malicious activity
Analysis date:
2026-04-17 15:37:33 UTC
Tags:
etherhiding stealer weedhack antivm anti-evasion auto-reg auto-sch
Link:
https://app.any.run/tasks/6afbadce-230f-416a-9edb-312d392e95ed

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/61999/
Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69e253bd45787c53e53aa0e0
Tags:
n/a
Gathering data
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054
Verdict:
Malicious
File Type:
jar
First seen:
2026-04-17T12:39:00Z UTC
Last seen:
2026-04-19T03:08:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Java.Generic
Link:
https://opentip.kaspersky.com/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054/results?tab=lookup
Result
Threat name:
n/a
Detection:
suspicious
Classification:
n/a
Score:
22 / 100
Link:
https://www.joesandbox.com/analysis/1900280
Signature
Joe Sandbox ML detected suspicious sample
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1900280 Sample: Azolek-1.jar Startdate: 17/04/2026 Architecture: WINDOWS Score: 22 13 shed.dual-low.part-0012.t-0009.t-msedge.net 2->13 15 part-0012.t-0009.t-msedge.net 2->15 17 2 other IPs or domains 2->17 19 Joe Sandbox ML detected suspicious sample 2->19 7 cmd.exe 2 2->7         started        signatures3 process4 process5 9 java.exe 3 7->9         started        11 conhost.exe 7->11         started       
Score:
0%
Verdict:
Benign
File Type:
ARCHIVE
Link:
https://malprob.io/report/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054/
Verdict:
Malicious
Threat:
Family.WEEDHACK
Link:
https://tip.neiki.dev/file/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054
Threat name:
ByteCode-JAVA.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-04-05 17:59:37 UTC
File Type:
Binary (Archive)
Extracted files:
14
AV detection:
5 of 38 (13.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=vfeqy35xwci7esv4qdw7dkelkah3zwophhgdzz27s55iul3s2bka._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260417-tll8rscv3k/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.35
Link:
https://yomi.yoroi.company/submissions/a9490c6fb7b091f24abc80edf1a88b500fbcd9cf39cc3ce75f977a8a2f72d054

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/61999/

Comments