MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cc2b74f4fba0b734a5455e521b1cd8d4dd1c13c87114cd407dd3f2a8dff343dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ConnectWise

Vendor detections: 6

Intelligence 6 IOCs YARA 11 File information Comments

SHA256 hash:	cc2b74f4fba0b734a5455e521b1cd8d4dd1c13c87114cd407dd3f2a8dff343dd
SHA3-384 hash:	34d83f2179dcf5119842f9a5590b7ce912f4ad21b43d196119edc0daec5fc055b9a02b6d9e8d2d3a8c571c34df8b1897
SHA1 hash:	5d193ffc208185cbf86aae98299ea49f33844e29
MD5 hash:	0e8e20566f9796f8a1e4a1bcf543091c
humanhash:	salami-uniform-west-fish
File name:	ATO.zip
Download:	download sample
Signature	ConnectWise Create hunting rule
File size:	15'476'956 bytes
First seen:	2026-02-28 20:53:36 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	393216:yo8bV1WJHAGE7C0uJ0ewcrFas6731zrzF6SE:yVLWJHmU/XuZzrJ6SE
TLSH	T1F6F633CDCE70B7B89064F8F540A67079F18B6297299B3B387125B75D1C9D08C8D83A7A
Magika	zip
Reporter	JAMESWT_WT
Tags:	ATO ConnectWise www-stattementviewonline-help zip

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 12 file(s), sorted by their relevance:

File name:	viewpdf.php
File size:	5'800 bytes
SHA256 hash:	b748c202e99c962c17acc7b6f18b80253fae7c6c480fbba053f774f8446f7e46
MD5 hash:	166dab9e30b4178a61fb0a4afa13821f
MIME type:	text/html
Signature	ConnectWise

File name:	statement.php
File size:	5'628 bytes
SHA256 hash:	239f63b056ab31516949903b4800704d86aa3ba4f3265e31cef8a3d7b6f30bb4
MD5 hash:	1d89d0dba4c00ab3a0da2038da1aa820
MIME type:	text/x-php
Signature	ConnectWise

File name:	logo.svg
File size:	8'079 bytes
SHA256 hash:	38c898d109782edece82f67605ffd739dfea3028527e571414a390bec0aefe57
MD5 hash:	d21f3e3f8700b58dc120a7aab9d9ff26
MIME type:	image/svg+xml
Signature	ConnectWise

File name:	ZoomWorkspace.msi
File size:	13'537'280 bytes
SHA256 hash:	8c90653cfd88ee763a8fe78700b5dbf96053c90b2e54fff3ebf86ce7076f3daf
MD5 hash:	234a2643ced70d03ad18756f974ffff2
MIME type:	application/x-msi
Signature	ConnectWise

File name:	index.php
File size:	7'083 bytes
SHA256 hash:	acf2a659f26185cfe8ae448ce281b4287d7e39505af841db4a8b3660418c69a1
MD5 hash:	9d86657ee68e7abafff4ebe4b9d4970d
MIME type:	text/x-php
Signature	ConnectWise

File name:	invite.php
File size:	538 bytes
SHA256 hash:	1eb1394668ddbfd390a1919a5d47ff7f432c123a393fc8c283602f49f4458b4b
MD5 hash:	a1d4aaa00d04bfb03aa5a4c4f07ccf8e
MIME type:	text/x-php
Signature	ConnectWise

File name:	back.png
File size:	988'255 bytes
SHA256 hash:	f666794204caba9b572fee0838e17c96ca54d8d67b0e5d1fe9b1f1f112fee210
MD5 hash:	35939b0bb0e1de790f046f2ed26f2f4e
MIME type:	image/png
Signature	ConnectWise

File name:	download.php
File size:	4'976 bytes
SHA256 hash:	9c93e8933903fcebb27efff0ac34a7d38ba1568fee14a5c31095e8c9baa38aa2
MD5 hash:	e9ba0f3616a7afc4815eee5c98737c61
MIME type:	text/x-php
Signature	ConnectWise

File name:	hero.webp
File size:	84'074 bytes
SHA256 hash:	fbb8aaf4842b551e5ec455d564df642d3ea1901f721c7c0521780650179cb7b4
MD5 hash:	1ead1813a57dabe83cc3abf4694c73ae
MIME type:	image/webp
Signature	ConnectWise

File name:	pdf2.png
File size:	1'400'429 bytes
SHA256 hash:	865696c6c67ea2bcf8241974ea356a87b89fe884dbdc8431dbe48ebfa1e377ac
MD5 hash:	95ffe9ede975cbdc81b72fd7826d758e
MIME type:	image/png
Signature	ConnectWise

File name:	Device-error.php
File size:	194 bytes
SHA256 hash:	c28c009e485b3d5b32d1b6938c636a2c73dc4f01b220da4e85261b5fe8e90174
MD5 hash:	8b6dd1295ed784c97aa7ec4adbecf1a8
MIME type:	text/html
Signature	ConnectWise

File name:	settings.php
File size:	1'648 bytes
SHA256 hash:	114a599e365dd4427134a1340a753de3146d0446f623b4b467e583b96712a8eb
MD5 hash:	c89c2f531572333364b1c9b799926dcb
MIME type:	text/x-php
Signature	ConnectWise

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/1b133182-1205-4411-9e21-3b56763eca91/

Detection(s):

Sanesecurity.Foxhole.Zip_fs3159.UNOFFICIAL

SecuriteInfo.com.PUA.Telegrambot-18.UNOFFICIAL

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69a355fd8fffa866e3b36a02

Tags:

infosteal

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/cc2b74f4fba0b734a5455e521b1cd8d4dd1c13c87114cd407dd3f2a8dff343dd

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/cc2b74f4fba0b734a5455e521b1cd8d4dd1c13c87114cd407dd3f2a8dff343dd

Verdict:

Adware

File Type:

zip

Link:

https://opentip.kaspersky.com/cc2b74f4fba0b734a5455e521b1cd8d4dd1c13c87114cd407dd3f2a8dff343dd/results?tab=lookup

Score:

Verdict:

Benign

File Type:

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	DebuggerCheck__API Create hunting rule
Reference:	https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

Rule name:	DetectEncryptedVariants Create hunting rule
Author:	Zinyth
Description:	Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded

Rule name:	INDICATOR_RMM_ConnectWise_ScreenConnect Create hunting rule
Author:	ditekSHen
Description:	Detects ConnectWise Control (formerly ScreenConnect). Review RMM Inventory

Rule name:	NET Create hunting rule
Author:	malware-lu

Rule name:	RANSOMWARE Create hunting rule
Author:	ToroGuitar

Rule name:	telebot_framework Create hunting rule
Author:	vietdx.mb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample