MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ChromElevator

Vendor detections: 8

Intelligence 8 IOCs YARA 19 File information Comments

SHA256 hash:	b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26
SHA3-384 hash:	179aa495d434b34e17f5b0721e3f334d395f88bd26896d8d6f83371f24542e3b6d537208f3a2c96275fe74e9f13c3688
SHA1 hash:	069af06e8fe2f396ad4c9d520ac6b223b3429425
MD5 hash:	a380a29f705501472cdf145fb82e29ec
humanhash:	nineteen-london-lake-magnesium
File name:	b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26.zip
Download:	download sample
Signature	ChromElevator Create hunting rule
File size:	8'914'506 bytes
First seen:	2026-03-04 14:57:42 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:Ga/PIi+9oCYTbu86ruNqBaNg97027yEzulw0hTOBSLe7UzcMaf:Gji+NPjDaAILWZULe7UgMaf
TLSH	T13A96338380630F95EB6BF77565B1AA3593EE2BEDC5F58129880113C934CA7E507C82F6
Magika	zip
Reporter	JAMESWT_WT
Tags:	77-221-149-33 ChromElevator zip

Intelligence

File Origin

# of uploads :

# of downloads :

151

Origin country :

File Archive Information

This file archive contains 24 file(s), sorted by their relevance:

File name:	meiryon_boot.ttf
File size:	174'148 bytes
SHA256 hash:	7c6f97dabbd25d5d0a8b04cc38c36a811f7cc3c4fd322c0f4f8b805cc5415ae8
MD5 hash:	57820666fbf8e7987b01c33576aeabfe
MIME type:	font/sfnt
Signature	ChromElevator

File name:	msjhn_boot.ttf
File size:	199'176 bytes
SHA256 hash:	7ac29cfea13b44673f1c4f8e6e69e5e5fed3cbf6e86b10812a8497d4f3ee121e
MD5 hash:	69702fd0ed9894cc63cacc60520a6668
MIME type:	font/sfnt
Signature	ChromElevator

File name:	aspnet_filter.dll
File size:	35'896 bytes
SHA256 hash:	c03abdb527bd9fd464f6eb8d2e7aedb39a5e0bafa1f90998671f6693068f6530
MD5 hash:	c31ca5b250cc8dc23bb80fb5b3dd7fa3
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	Aspnet.config
File size:	437 bytes
SHA256 hash:	21a05ddb1cb19006defa605fea9cde757d9d581f1d13fb139b0bde79f7f15e55
MD5 hash:	b08cbcd4ba60c8ef3322d2e3afc16c5a
MIME type:	text/xml
Signature	ChromElevator

File name:	msyh_boot.ttf
File size:	189'936 bytes
SHA256 hash:	c7408a26e59a15fcc414fc28dd5cf18b1f23f148d6e2f35abb43fb72f8722357
MD5 hash:	537a54f1bf443ace8e5865bf6c2144c6
MIME type:	font/sfnt
Signature	ChromElevator

File name:	EG_Loader.exe
File size:	331'552 bytes
SHA256 hash:	98cd9e5c0b8e8692e7070e8b572fca87b694f5a13ac642c601ccb98ff72d3b85
MD5 hash:	b6ef1cba60d9ee2e3463ae7e16fb583a
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	msjh_boot.ttf
File size:	201'348 bytes
SHA256 hash:	f5ceec36317b0d44232447c334cdafcd1c61e10b78c5c5e0a55fb7e764cfeddc
MD5 hash:	28e8fd8187fdc691b7765444d1ca26be
MIME type:	font/sfnt
Signature	ChromElevator

File name:	segoe_slboot.ttf
File size:	102'980 bytes
SHA256 hash:	ea32eae97c0e8cf2a77bbf02dc2cf9c78d25de4d9da5c074d46a0ca977846df0
MD5 hash:	f69833e522a4e18785519f055aaa8f37
MIME type:	font/sfnt
Signature	ChromElevator

File name:	bootspaces.dll
File size:	241'560 bytes
SHA256 hash:	0d3333fad308080926558acbd8b76295f3723baba7dd9b35652507a49a82d3fd
MD5 hash:	17dabad6957849d89dd8c1f582d64916
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	wgl4_boot.ttf
File size:	50'096 bytes
SHA256 hash:	23872d2eba60bbb3bd2585e925c4b48769fb6bb0cfa7f4a6ba4e8f03bcaf2c35
MD5 hash:	5280f31f33340e337d2880840c04200b
MIME type:	font/sfnt
Signature	ChromElevator

File name:	jpn_boot.ttf
File size:	1'986'860 bytes
SHA256 hash:	53c61cda3b0d4140770a31bea530285944a601c3c9ea684a0968e10cda3ecaaa
MD5 hash:	dfebfe015a416693130c0995e3758e5f
MIME type:	font/sfnt
Signature	ChromElevator

File name:	kor_boot.ttf
File size:	2'374'000 bytes
SHA256 hash:	b4b08815034d19c49515b2bfad1f983ce8b68a77a0cf20e0e8a9fb586dfe713c
MD5 hash:	ed90a1f4452419e13be8e5816c2097fc
MIME type:	font/sfnt
Signature	ChromElevator

File name:	malgun_boot.ttf
File size:	201'960 bytes
SHA256 hash:	00f751354043cdb6a3ad5e46048f8a3a4789da62c25339317022684f982b1e9c
MD5 hash:	3a04269421cab51471a2bc005235702b
MIME type:	font/sfnt
Signature	ChromElevator

File name:	alink.dll
File size:	149'560 bytes
SHA256 hash:	51c8034c68484f9694fb658b60ec375bd24210d0e3cba9ae6d6f0ff5e3e7d7d7
MD5 hash:	c92c4ba4a65419210993f06b9585e332
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	malgunn_boot.ttf
File size:	199'440 bytes
SHA256 hash:	d621c48a9a82a8706d5465ab5bb16c3cfba9ea3abee8381cc435d2d7e261b629
MD5 hash:	e60f4df795ab6227a939d7e011375c7e
MIME type:	font/sfnt
Signature	ChromElevator

File name:	bootres.dll
File size:	169'392 bytes
SHA256 hash:	7a5d925c1f0c1f2edaf31f3f5d04a9dd51dc129ebfa4a703d8ef6f599077d488
MD5 hash:	057c47435589e5685c114c9365d5738d
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	segmono_boot.ttf
File size:	45'848 bytes
SHA256 hash:	4ffbb8035c05fbcd62e6b99edcb1955d66048eaf5c66559fbfd9d6506f88b332
MD5 hash:	14a3edec080ec59695b736fcefecb7ad
MIME type:	font/sfnt
Signature	ChromElevator

File name:	chs_boot.ttf
File size:	3'696'724 bytes
SHA256 hash:	0ffcc34b62dc9206cde96ad1a488bfaae63cebf5aae0a32bfbbc2c4e7e590401
MD5 hash:	695b939e311e7fe6a30b2e57321dda1f
MIME type:	font/sfnt
Signature	ChromElevator

File name:	bootres.dll.mui
File size:	13'632 bytes
SHA256 hash:	431fa5dd81c31ee5e2850cfb128305b61e9fa4da1f8ecd771236f44f75730a30
MD5 hash:	d1b69cd61c7b2eb700d7acb20e6e8162
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	meiryo_boot.ttf
File size:	175'972 bytes
SHA256 hash:	4a3b8c2505df438b8d1518fce77fb7dbad517f8baf567f02fb6bc95cb4737729
MD5 hash:	dc21ae1ed3cc66837942ccc11139f909
MIME type:	font/sfnt
Signature	ChromElevator

File name:	Accessibility.dll
File size:	32'152 bytes
SHA256 hash:	d4cc4d55f254a11e355a3a5e8b2aead96e54e6412f94e6dc6fbaea3a62eb062c
MD5 hash:	e25a74b21922a290760eb5f030017728
MIME type:	application/x-dosexec
Signature	ChromElevator

File name:	cht_boot.ttf
File size:	3'879'428 bytes
SHA256 hash:	9e859995c8e9fe4bab320f24d8f62c640340a93fba22cb796f4f3d86f8fa4511
MD5 hash:	eae24ef54eb6f0d110df1791506beb17
MIME type:	font/sfnt
Signature	ChromElevator

File name:	msyhn_boot.ttf
File size:	187'932 bytes
SHA256 hash:	b7cf3e805ef34eea98efbaf1778f33a600322c0ac1b52efd1daf874726710b86
MD5 hash:	4418b1d0b905b3137c5f39e34de58ec1
MIME type:	font/sfnt
Signature	ChromElevator

File name:	segoen_slboot.ttf
File size:	102'748 bytes
SHA256 hash:	53c227d0a00c73c0c7439717af75855dad540ebceac3919fde7e09b7204d9304
MD5 hash:	c44b768e6e669196ca6d2999169775a7
MIME type:	font/sfnt
Signature	ChromElevator

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/fcbd273e-63dc-4290-bf34-3a29b9aa2a09/

Detection(s):

SecuriteInfo.com.PUA.DiscordUrl-1.UNOFFICIAL

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a8488de1f958bf6683a064

Tags:

n/a

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26

Result

Verdict:

SUSPICIOUS

Link:

https://labs.inquest.net/dfi/sha256/b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Verdict:

Malicious

File Type:

zip

Link:

https://opentip.kaspersky.com/b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26/results?tab=lookup

Score:

Verdict:

Benign

File Type:

Result

Malware family:

chromelevator

Score:

10/10

Tags:

family:chromelevator discovery hacktool spyware stealer

Link:

https://tria.ge/reports/260304-t1jq7adw4l/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.98

Link:

https://yomi.yoroi.company/submissions/b297e1c43cbe0917e2765dc6262b9ee0c7fe54c5b064e4eded56b36d956d3b26

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	cobalt_strike_tmp01925d3f Create hunting rule
Author:	The DFIR Report
Description:	files - file ~tmp01925d3f.exe
Reference:	https://thedfirreport.com

Rule name:	CP_Script_Inject_Detector Create hunting rule
Author:	DiegoAnalytics
Description:	Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	Discord_APIs Create hunting rule

Rule name:	dsc Create hunting rule
Author:	Aaron DeVera
Description:	Discord domains

Rule name:	extracted_at_0x44b Create hunting rule
Author:	cb
Description:	sample - file extracted_at_0x44b.exe
Reference:	Internal Research

Rule name:	golang_bin_JCorn_CSC846 Create hunting rule
Author:	Justin Cornwell
Description:	CSC-846 Golang detection ruleset

Rule name:	INDICATOR_SUSPICIOUS_EXE_DiscordURL Create hunting rule
Author:	ditekSHen
Description:	Detects executables Discord URL observed in first stage droppers

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	NETDLLMicrosoft Create hunting rule
Author:	malware-lu

Rule name:	pe_detect_tls_callbacks Create hunting rule

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	pe_no_import_table Create hunting rule
Description:	Detect pe file that no import table

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample