MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccd65b2ac86e64b8d87399b8875bbbb02020ae42c4fe5eb6be6e7769391f7603. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 10



SHA256 hash: ccd65b2ac86e64b8d87399b8875bbbb02020ae42c4fe5eb6be6e7769391f7603
SHA3-384 hash: 130a40e63925484d994e6326c189d82315f8d14fa63f9458b4489b020139da4cf3cab1ed1edebb356765f724f1793792
SHA1 hash: 484ff772a526ab622faf0eca8b25c82b5d4f0581
MD5 hash: bb79abac9be12bc8872ac18b2a85cd14
humanhash: bakerloo-high-emma-nitrogen
File name: BIK1910486_20260615.tar
File size: 45'771 bytes
First seen: 2026-07-03 17:51:12 UTC
Last seen: 2026-07-03 17:51:45 UTC
File type: tar
MIME type: application/x-rar
ssdeep: 768:ZaHCTn02OyA/GB3KCOFETTDup/PYCJ6M2+m4lnBr3eHV2SWC:MiT09ywG3Z/H2FJR2b4dBjkUdC
TLSH: T18A2302F33BD4FB5F41C5DC71716B778123E40227CA60A8AF4463249D77E12D846AD884
TrID: 61.5% (.RAR) RAR compressed archive (v5.0) (8000/1)
      38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika: rar
Reporter: TomU
Tags: tar

Intelligence


File Origin
# of uploads: 2
# of downloads: 14
Origin country: CH

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: BIK1910486_20260615.js
File size: 87'541 bytes
SHA256 hash: a6b89624b9dbb5a76edaf177adb77b8948f9fe147f0a334f31c4bf20da476aa7
MD5 hash: 5346723370224ea1a5231e5fffe914d1
MIME type: text/plain

Vendor Threat Intelligence

Verdict: Malicious
Score: 92.5%
Tags: uloader virus blic

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive explorer lolbin repaired

Verdict: Malicious
File Type: rar
First seen: 2026-06-15T08:35:00Z UTC
Last seen: 2026-06-28T07:44:00Z UTC
Hits: ~10

Gathering data

Threat name: Win32.Trojan.Malgent
Status: Malicious
First seen: 2026-06-15 09:35:25 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 14 of 36 (38.89%)
Threat level: 5/5

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Sus_CMD_Powershell_Usage
Author: XiAnzheng
Description: May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)

Rule name: telebot_framework
Author: vietdx.mb

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Malspam
tar ccd65b2ac86e64b8d87399b8875bbbb02020ae42c4fe5eb6be6e7769391f7603 (this sample)

Delivery method: Distributed via e-mail attachment
