MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d26c1da1978da0296f16094a6f20cca8d3d5e85f047fc0f80eb203aae6770599. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 5

SHA256 hash: d26c1da1978da0296f16094a6f20cca8d3d5e85f047fc0f80eb203aae6770599
SHA3-384 hash: 278435fda12bf72bffc48c693285b9500629c0a717cd3d594628116213098d54fb883f1ff9d1b9d0c877ceaa1f5c9166
SHA1 hash: fb3f6102eba709487fdcbc44393a85de62736bc3
MD5 hash: e4d5b4b0f98560e882ef7d24b1012b6a
humanhash: monkey-bakerloo-west-blue
File name: WORDPRESS 2026.zip
File size: 120'852 bytes
First seen: 2026-01-16 12:30:57 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep 3072:7gg9/shHyGE5/wskZ0MnIUboP1TXQEAh4:VkIGE6taMnIUboTgNh4
TLSH T11CC3F1BCDC2C5442CA1B61F28C4ED11665DF841DF9E79A5672100A480E69EC0FFB6BED
Magika zip
Reporter juroots
Tags: zip

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: US

File Archive Information

This file archive contains 13 file(s), sorted by their relevance:

File name: next.php
File size: 3'059 bytes
SHA256 hash: 91cc81d3429bf7fcc3e5b297d695922252c310d9c95575af55e10dca06138d6c
MD5 hash: 49acabfab5eef26eecb3026096d4fcab
MIME type: text/x-php

File name: entry-login.0e690ca469b51e60ef7e.min.css
File size: 157'159 bytes
SHA256 hash: 8a8f7745a7cdf98bf56ccd1c93ce51343ffbda0c27d27c8792d0adfb00251693
MD5 hash: a0ed8292980eee1db86a63034ab30d6f
MIME type: text/plain

File name: woo.png
File size: 9'496 bytes
SHA256 hash: 5f450ec5e563ee623a5ec9fd35ba608f9e09d3fb075a2ac3a7c6a3a72d1981ab
MD5 hash: 6ab1d48cfa6c717cdb72490d2ce5aa9d
MIME type: image/png

File name: telegram.php
File size: 103 bytes
SHA256 hash: f3d7f8dd7fa2a238fc1cf8944b797b0b5f794e62d2d5a421bae530e376aff3f4
MD5 hash: 21041d961c7d9a776ae41969531ac914
MIME type: text/plain

File name: 8316.0ce0ab45487acf8d1ff1.min.css
File size: 22'967 bytes
SHA256 hash: c4fd821d39ae334132383f6ac9a7227c41d820e155b8a1a5cb55756366dd8822
MD5 hash: 86b917d984efad6e754a25dadb1def7d
MIME type: text/plain

File name: record.txt
File size: 693 bytes
SHA256 hash: bf1e1b11eb9a25e224695ad90479ca269ce2bb0ddd3ac7d158236b8a78204f78
MD5 hash: 484e519f6350d0e28b4985f2adeb3a24
MIME type: text/plain

File name: index.html
File size: 34'350 bytes
SHA256 hash: 653b5b4c24849357d2d31f32ddffb8f5872cc69077aff1db02f100577bd34b6a
MD5 hash: 98ebe6e39e9a2a55f52f61091aacbde2
MIME type: text/html

File name: email.php
File size: 68 bytes
SHA256 hash: 1e4debce065ca3d2e60ad9a317c74afefaf2ea2e798ffef6a9d9144b37ae8a34
MD5 hash: 2fa67b58d9e3691027091d773cf05501
MIME type: text/x-php

File name: card.html
File size: 25'198 bytes
SHA256 hash: 8df24bb762aad5a3c57c2589d66a81dff189033e2195bcb8ea24c0408b2897c7
MD5 hash: cdba32a32c57390d2ec25e907e72ae8f
MIME type: text/html

File name: 33135.f38d195b9c4b3664b139.min.css
File size: 89'534 bytes
SHA256 hash: 775fcf8a05b6e259a8b6188d99df69c4a7f594a04b65a68cc9a0f84e08ce7d53
MD5 hash: 5a8de828a99fc7bfd77bf08bfc0318b6
MIME type: text/plain

File name: 88423.f3687f687808f6e4b40a.min.css
File size: 102'194 bytes
SHA256 hash: ecff60c0415f6f2a0046658ff74ab0f85927c657922c4da4f525bf36e7095810
MD5 hash: a0e6888691013e8d3c1e971db330ae58
MIME type: text/plain

File name: 76409.15714cf5cd9a439e981e.min.css
File size: 17'293 bytes
SHA256 hash: 14f228933b21b04c1f0635cbc716990e9454db599e16dd08e421e6cc91144021
MD5 hash: 2e0a744ecab4adf6694b99cce02b02d6
MIME type: text/plain

File name: 79601.11acabf553d21919ab3e.min.css
File size: 194'477 bytes
SHA256 hash: 9ba59bf7db4d3a49be950a77761f1450688bbd7f8cdeec79de1436c52ba8b535
MD5 hash: b16888fab1ad8a0c9b1dceee21665b2b
MIME type: text/plain

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Details: Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.

Verdict: Unknown
File Type: zip
First seen: 2026-01-12T03:00:00Z UTC
Last seen: 2026-01-13T18:35:00Z UTC
Hits: ~10

Threat name: Script-JS.Trojan.SNSsender
Status: Malicious
First seen: 2026-01-12 06:55:31 UTC
File Type: Binary (Archive)
Extracted files: 49
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 4/10
Tags: discovery

Behaviour
Checks processor information in registry
Enumerates system info in registry
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Browser Information Discovery
System Time Discovery
Drops file in Program Files directory
Drops file in Windows directory

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202409_html_AJAX_phish
Author: abuse.ch
Description: Detects potential HTML phishing page using AJAX

Rule name: telegram_bot_api
Author: rectifyq
Description: Detects file containing Telegram Bot API

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
