MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c7200d21e670d2c80652caae4595443e9b58a01d04703fc6f90031413c6f0fbd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

SHA256 hash: c7200d21e670d2c80652caae4595443e9b58a01d04703fc6f90031413c6f0fbd
SHA3-384 hash: 6c7654a77e800da55066637d25c78ce0b238dfd829833d1048c7c865b3b7a3b9355edd274daefd2ad181bb00948f82d8
SHA1 hash: e00e505d5f46f220e1d0b2c0a04214aaf835c2e8
MD5 hash: 8f65e0ee27e659a2887e946f6a9fb7ca
humanhash: five-nevada-whiskey-item
File name: SoftV10.19.zip
File size: 60'362'836 bytes
First seen: 2025-07-15 14:52:44 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 1572864:qTXz+ly1MXuIOY5UQ/Zru4xKzsl0X6AJT7mj8f8eGvg:qTXz/1MX3N5dBNe6AJTi8fRAg
TLSH: T12FD73395C5F60C23DA6E30BBB0D9C1964CEDCBD58520481589BC63EB8EE36F10ADAD1D
TrID: 42.1% (.XPI) Mozilla Firefox browser extension (8000/1/1)
      36.8% (.MAFF) Mozilla Archive Format (gen) (7000/1/1)
      21.0% (.ZIP) ZIP compressed archive (4000/1)
Magika: zip
Reporter: burger
Tags: zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 17
Origin country: NL

Vendor Threat Intelligence
Verdict: Unknown
Threat level: n/a - 1.0/10
Confidence: 100%
Tags: anti-vm expired-cert microsoft_visual_cc signed
Threat name: Win64.Trojan.Generic
Status: Suspicious
First seen: 2025-07-15 14:53:39 UTC
File type: Binary (Archive)
Extracted files: 3092
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: botnet_plaintext_c2
Author: cip
Description: Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.

Rule name: Sus_Obf_Enc_Spoof_Hide_PE
Author: XiAnzheng
Description: Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique (can create FP)

Rule name: upxHook
Author: @r3dbU7z
Description: Detect artifacts from 'upxHook' - modification of UPX packer
Reference: https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments