MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e967728dfb8e5b4aec800f9bb2c30cd6f1350f7da48c06051e6ec59a7433f943. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

KongTuke

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	e967728dfb8e5b4aec800f9bb2c30cd6f1350f7da48c06051e6ec59a7433f943
SHA3-384 hash:	3c880340a725a56ff254d647d549cee34b38c587a6054f2fad3d4644b96963c64c912726b097748668afd639b10a2e06
SHA1 hash:	d20eaa32150c662aa85334b752bb5853a5b5b822
MD5 hash:	947d92ebcf017fc6b2e17b0b38840c9c
humanhash:	beryllium-georgia-nitrogen-spring
File name:	d
Download:	download sample
Signature	KongTuke Create hunting rule
File size:	1'266'176 bytes
First seen:	2026-04-28 12:08:16 UTC
Last seen:	Never
File type:	tar
MIME type:	application/x-tar
ssdeep	24576:sl1HekYP8m5Ns35X6cChYjfdXy4jWIeLsEJLq+:slx6tY3V6cCMCKIJLJ
TLSH	T18845230584CA9333D5EEC0B2FA8FA877563D38072EB4441B93A15C676D6BAB08577B70
TrID	62.9% (.TAR/USTAR) TAR - Tape ARchive (POSIX) (17/3) 37.0% (.TAR) TAR - Tape ARchive (file) (10/3)
Magika	tar
Reporter	monitorsg
Tags:	Kongtuke tar

monitorsg

hXXps://gccsinc[.]com/file.js (ClickFucker) --> hXXps://gccsinc[.]com/t (token) --> hXXps://gccsinc[.]com/g (gateway) --> hXXps://gccsinc[.]com/c (clipboard) --> hXXps://2n1ksf4h0va[.]com/d (tar)

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

File Archive Information

This file archive contains 2 file(s), sorted by their relevance:

File name:	data.bin
File size:	1'209'567 bytes
SHA256 hash:	315d628d8bf289d194b347b229879356f7953180ec3b6999260d1e053ec765e1
MD5 hash:	26960592d45c60493c3754135c653aee
MIME type:	application/octet-stream
Signature	KongTuke

File name:	endpointdlp.dll
File size:	54'272 bytes
SHA256 hash:	1e41c7bfaa6aa3b93b6cc024274a10e33f3e12fe7c98c1db387ef8927f9d1984
MD5 hash:	b148626849c11dd5b3230632a38a6302
MIME type:	application/x-dosexec
Signature	KongTuke

Vendor Threat Intelligence

No detections

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69f0e43381aa9ec3bc2f7b85/reports/a39001d9-accf-44e1-91ee-e84947d1353b/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/e967728dfb8e5b4aec800f9bb2c30cd6f1350f7da48c06051e6ec59a7433f943

Verdict:

Clean

File Type:

tar

Link:

https://opentip.kaspersky.com/e967728dfb8e5b4aec800f9bb2c30cd6f1350f7da48c06051e6ec59a7433f943/results?tab=lookup

Score:

63%

Verdict:

Susipicious

File Type:

Result

Malware family:

mintsloader

Score:

10/10

Tags:

family:mintsloader execution loader suricata

Link:

https://tria.ge/reports/260428-t9qk4afx2k/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Badlisted process makes network request

Command and Scripting Interpreter: PowerShell

Family: MintsLoader

Suricata alert: MintsLoader Outbound C2 Communication

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e967728dfb8e5b4aec800f9bb2c30cd6f1350f7da48c06051e6ec59a7433f943

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

KongTuke

tar e967728dfb8e5b4aec800f9bb2c30cd6f1350f7da48c06051e6ec59a7433f943

(this sample)

Link

https://infosec.exchange/@monitorsg/116482250739572388

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample