MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa
SHA3-384 hash: 27f2077af6ae91d991d1b08fc2d12e7306b76cfe9db3523baba3965bb11290701d8f461f26c51c504e04bb80b4572edc
SHA1 hash: e672d1bfa5dca4069179b48e834fb6ca1c842f2c
MD5 hash: 09b3c5714bfb33888df953c13bfd7f39
humanhash: emma-sink-mars-nine
File name:get.zip
Download: download sample
File size:714'856 bytes
First seen:2024-12-02 11:22:38 UTC
Last seen:2025-02-28 23:27:47 UTC
File type: zip
MIME type:application/zip
ssdeep 12288:IW9/TQBf1M7dtFWKgSr1wTA/zLaPw43HuRWiVZaCrMBvKTJ0fs5RTczE+Q2LfgcW:7G6ZWPWqw+443HuRWiNRwzEuL7W
TLSH T1CDE4239884F2C14B8A99912C4E9B339C1A27476D484C3FE4DB326CDCB343555937EEB6
Magika zip
Reporter lontze7
Tags:zip

Intelligence

File Origin
# of uploads :
2
# of downloads :
465
Origin country :
FR FR
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:AutoHotkey.exe
File size:1'319'936 bytes
SHA256 hash: effdea83c6b7a1dc2ce9e9d40e91dfd59bed9fcbd580903423648b7ca97d9696
MD5 hash: 2d0600fe2b1b3bdc45d833ca32a37fdb
MIME type:application/x-dosexec
File name:get.txt
File size:561'319 bytes
SHA256 hash: 2f2ceacd1d02364e3eb3337b0464c849085777b04d7e0ad86b20f4d8d7274fbe
MD5 hash: 81e725fe89b23bd6a8b4e29eaf5f324f
MIME type:text/plain
File name:AutoHotkey.ahk
File size:5'997 bytes
SHA256 hash: 741b3cfbf6df2320b0c9ad28be05a4bd776b15f05931429c4f9fc0720c346b1e
MD5 hash: c311fe39fc3867a8e6282b4ebae5e0e0
MIME type:text/plain
Vendor Threat Intelligence
Detection(s):
PUA.Win.Tool.AutoHotKey-10022305-1
Create hunting rule

SecuriteInfo.com.Other.Malware-gen.3755.28750.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=674d99abe64d1c722d7b4f79
Tags:
autoit virus
Result
Verdict:
Suspicious
File Type:
PE File
Link:
https://app.docguard.net/b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa/results/dashboard
Behaviour
BlacklistAPI detected
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
fingerprint keylogger microsoft_visual_cc
Link:
https://www.filescan.io/uploads/674d989ae0aad38b941f8d8e/reports/4a32f6f2-c562-4794-9a49-d4a3f710f6f0/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa
Score:
34%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa/
Threat name:
Win32.Spyware.AsyncRAT
Create hunting rule
Status:
Malicious
First seen:
2024-06-28 23:08:17 UTC
File Type:
Binary (Archive)
Extracted files:
24
AV detection:
10 of 38 (26.32%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wox6emq6mwxsm4k3ud2tr54q45upfppuq3hyjgxu4fpdugmxt35a._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery
Link:
https://tria.ge/reports/241202-pav93symaj/
Behaviour
Suspicious use of WriteProcessMemory
Program crash
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip b3afe2321e65af26715ba0f538f790e768f2bdf486cf849af4e15e3a19979efa

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3316454/
  
Delivery method
Distributed via web download

Comments