MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c74bb6fb848cdb87c2b4261da1efc078023cdf95aa7b1436c52c26f3a11025af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 8 File information Comments

SHA256 hash:	c74bb6fb848cdb87c2b4261da1efc078023cdf95aa7b1436c52c26f3a11025af
SHA3-384 hash:	583069cf4b20840263efbe34386035df0ca89104f8f4dda1190ba0cbe78128b85398f5f4a3f3ba98e40d4d69a7f734ab
SHA1 hash:	33cff0ecea7ad564746e2c181fcb973e4d48772e
MD5 hash:	7f9a4aa27e5ddf85f56930b9f39eefaa
humanhash:	muppet-robin-may-april
File name:	spisokszch.zip
Download:	download sample
File size:	2'785'016 bytes
First seen:	2026-06-24 11:11:43 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	192:shDqQyeDeR1HDqQO7eT4kHylAxrespmaGOlAxb7egH+VX:shDqQBaHDqQHa769VX
TLSH	T142D5DD4166E91204F176FF3B9E7AAB84443BB991EE30D75C8B60CC2D29A5A10CD35F32
Magika	zip
Reporter	smica83
Tags:	UKR zip

Intelligence

File Origin

# of uploads :

# of downloads :

100

Origin country :

File Archive Information

This file archive contains 5 file(s), sorted by their relevance:

File name:	JPG_013.jpg.lnk
File size:	929'402 bytes
SHA256 hash:	fe38e54bedee074825eb3fcbe4824ed203876692a424e0c183e0006b31d1b7a8
MD5 hash:	85bc6e1ff944a74aee50adf581cf7ef0
MIME type:	application/octet-stream

File name:	JPG_014.jpg.lnk
File size:	774'777 bytes
SHA256 hash:	a8d0a03543db29d279175c9679eba574dcb7a17e306195a68ab1d033ee2be01c
MD5 hash:	a52bad2c98ca848c79a062335fed42f5
MIME type:	application/octet-stream

File name:	spisokszch.xlsx.lnk
File size:	19'630 bytes
SHA256 hash:	6754f3854680767a394b22090f277fc53ec5a242faff54bf233084da5989c3ef
MD5 hash:	ae95386ae05175c560bf8a248c71a835
MIME type:	application/octet-stream

File name:	JPG_012.jpg.lnk
File size:	1'060'305 bytes
SHA256 hash:	bb40c9d8c217516a92a18a1bdb080a5af92cfafe81f6751dea665e3e78cb4851
MD5 hash:	39461565334a0b5e198865b53582badb
MIME type:	application/octet-stream

File name:	README.txt
File size:	352 bytes
SHA256 hash:	86bac1444fef0b07eec10dcd4a5859a2296954f6b5a36690dc7c27e2931b9ccc
MD5 hash:	6d9e53615eaabc06e0518fda8c5b94d3
MIME type:	text/plain

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/ebb5ba96-850a-4756-9d1f-ec11c50fc13b/

Detection(s):

Sanesecurity.Foxhole.Zip_jpg.UNOFFICIAL

Sanesecurity.Foxhole.Zip_xlsx.UNOFFICIAL

Sanesecurity.Malware.27118.LnkHeur.UNOFFICIAL

MiscreantPunch.INFO.LNK.CMDPSHELL.UNOFFICIAL

TwinWave.EvilLNK.LOLBinOddLookPSHELL.20220711.UNOFFICIAL

TwinWave.EvilLNK.OddLook.202207213.UNOFFICIAL

TwinWave.EvilLNK.HTTPDottedQuadPolicykill.20220908.UNOFFICIAL

TwinWave.EvilLNK.SilverChairs4SilverBacks.20221114.UNOFFICIAL

TwinWave.EvilLNK.LOLBinPaddedRoomFluteLoop.20220523.UNOFFICIAL

SecuriteInfo.com.Zip.LNK-1.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a3bbba01548daf709f9610f

Tags:

obfuscate shell sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

cmd cscript evasive lolbin masquerade powershell

Link:

https://www.filescan.io/uploads/6a3bbb9a90632a45f738470f/reports/6c5b3c64-8476-4940-a0f8-3fc0c69905fd/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/c74bb6fb848cdb87c2b4261da1efc078023cdf95aa7b1436c52c26f3a11025af

Verdict:

Malicious

File Type:

zip

First seen:

2026-06-23T23:00:00Z UTC

Last seen:

2026-06-25T23:42:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/c74bb6fb848cdb87c2b4261da1efc078023cdf95aa7b1436c52c26f3a11025af/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c74bb6fb848cdb87c2b4261da1efc078023cdf95aa7b1436c52c26f3a11025af/

Threat name:

Shortcut.Trojan.Suschil

Status:

Malicious

First seen:

2026-06-23 16:41:27 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

13 of 24 (54.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y5f3n64ertnypqvueyo2d36apabdzx4vvj5rinwffqtphiiqewxq._file

Result

Malware family:

n/a

Score:

8/10

Tags:

adware execution persistence ransomware spyware

Link:

https://tria.ge/reports/260624-pgw5ysbz3z/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c74bb6fb848cdb87c2b4261da1efc078023cdf95aa7b1436c52c26f3a11025af

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Download_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies download artefacts in shortcut (LNK) files.

Rule name:	Execution_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies execution artefacts in shortcut (LNK) files.

Rule name:	Large_filesize_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies shortcut (LNK) file larger than 100KB. Most goodware LNK files are smaller than 100KB.

Rule name:	PS_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies PowerShell artefacts in shortcut (LNK) files.

Rule name:	Script_in_LNK Create hunting rule
Author:	@bartblaze
Description:	Identifies scripting artefacts in shortcut (LNK) files.

Rule name:	SUSP_LNK_Big_Link_File Create hunting rule
Author:	Florian Roth (Nextron Systems)
Description:	Detects a suspiciously big LNK file - maybe with embedded content
Reference:	Internal Research

Rule name:	SUSP_LNK_Big_Link_File_RID2EDD Create hunting rule
Author:	Florian Roth
Description:	Detects a suspiciously big LNK file - maybe with embedded content
Reference:	Internal Research

Rule name:	Sus_CMD_Powershell_Usage Create hunting rule
Author:	XiAnzheng
Description:	May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample