MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e
SHA3-384 hash:	a24910348cebb18c89620d64ad093ba204516a0e6bcb7ad5c317e59ed844d0e7c76d1baee4c545216aea12ec1b2f3fc7
SHA1 hash:	9390cfec50c9dbc0567e1e875f2f6ce458e4bc72
MD5 hash:	1917d2f43d22d88133dab21fa0dbc555
humanhash:	lion-lithium-hotel-ten
File name:	REQ_For_Payment_Invoice__FER9079900530981016230-800119_pdf.txz.rar
Download:	download sample
File size:	122'329 bytes
First seen:	2026-06-02 15:47:44 UTC
Last seen:	2026-06-02 15:47:59 UTC
File type:	rar
MIME type:	application/x-rar
ssdeep	3072:vsWrHHSeSKFuk3hpY3XrT4g2t8SKy8jFM6piFRhEYQ4:ZLmKzxw7Caljy6pImY3
TLSH	T196C31350025BCC24181D0DF87E5CC66A1ECFAD4A921F54E04A4E2BB3A1D72CF7ACE761
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	TomU
Tags:	rar

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:	REQ For Payment Invoice FER9079900530981016230-800119_pdf.js
File size:	806'008 bytes
SHA256 hash:	8918151f86687bf6dcd6962b05fe94d4a48c400d89cfdee172d8ee70f06c3403
MD5 hash:	c5e47e4d9c1d944a79014e2b1fa62384
MIME type:	text/plain

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/30dc3fa4-777b-4c12-b620-4afe4f12a851/

Detection(s):

Sanesecurity.Foxhole.JS_Rar_1.UNOFFICIAL

SecuriteInfo.com.Trojan.GenericKD.80260978.18440.17255.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a1efb62f8676ad4d36062db

Tags:

n/a

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

masquerade obfuscated repaired

Link:

https://www.filescan.io/uploads/6a1efb5f46e44aecc0caa1d3/reports/1d8faa92-7cfd-4c1e-8b40-ba530f3bccd5/overview

Verdict:

Malicious

Labled as:

Trojan.GenericS

Link:

https://www.hybrid-analysis.com/sample/e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e

Verdict:

Malicious

File Type:

rar

First seen:

2026-06-01T05:23:00Z UTC

Last seen:

2026-06-01T08:47:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e/results?tab=lookup

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2026-06-01 08:56:10 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

9 of 36 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=5af7yljz4tzwnyohlpqfb75o456d5bfv3ize7c4bfzhc4orvirpa._file

Result

Malware family:

n/a

Score:

8/10

Tags:

collection defense_evasion discovery execution persistence

Link:

https://tria.ge/reports/260602-yc45fadt7v/

Behaviour

Enumerates system info in registry

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

outlook_office_path

outlook_win_path

Browser Information Discovery

Command and Scripting Interpreter: JavaScript

Enumerates physical storage devices

System Time Discovery

Drops file in Windows directory

Accesses Microsoft Outlook profiles

Hide Artifacts: Hidden Window

Checks computer location settings

Registers new Windows logon scripts automatically executed at logon.

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Downloads MZ/PE file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

rar e80bfc2d39e4f366e1c75be050ffaee77c3e84b5da324f8b812e4e2e3a35445e

(this sample)

Delivery method

Distributed via e-mail attachment

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample