MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ec517c9ec8f6a6845ffe8ca9825bc31b2fe5719b2df0301fd016236f0048d01e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ec517c9ec8f6a6845ffe8ca9825bc31b2fe5719b2df0301fd016236f0048d01e
SHA3-384 hash: 18c355d610d0b8892192062c0248a41e661a377733fd855e61cbdb1a6ac07b111a72f70bf3ee39e80344c8f471d36b44
SHA1 hash: 40f628202dbb5ac4a7ff269f852ef57711a9c770
MD5 hash: 1ebc93dec726f8e3642e570d9980dd7b
humanhash: fifteen-maryland-spring-aspen
File name:yezura-beta.7z
Download: download sample
File size:71'179'794 bytes
First seen:2026-04-04 18:46:23 UTC
Last seen:Never
File type: 7z
MIME type:application/x-7z-compressed
ssdeep 1572864:1yT4GvkBrrxWEbI03O8UokAdR7+EAPdV0BhJGSA78Z4flsLZZB6:MAz8GO8uEAPjMnGSA/+ZZ0
TLSH T14CF733966C6DED49C02AD07362D5C89E014340F3F198FD4FB6405A2BEFAD9894BEB706
TrID 57.1% (.7Z) 7-Zip compressed archive (v0.4) (8000/1)
42.8% (.7Z) 7-Zip compressed archive (gen) (6000/1)
Magika sevenzip
Reporter Alex_sev
Tags:7z file-pumped infostealer PWS spyware

Intelligence

File Origin
# of uploads :
1
# of downloads :
183
Origin country :
AU AU
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:yezura-beta.exe
Pumped file This file is pumped. MalwareBazaar has de-pumped it.
File size:169'744'116 bytes
SHA256 hash: 0e20c68eb1c2abbd89cca47ec34bb01f8fe730507321f5a5c521f6100e3979ab
MD5 hash: ee5064d79f626fee171444946dc564bd
De-pumped file size:89'353'728 bytes (Vs. original size of 169'744'116 bytes)
De-pumped SHA256 hash: d3d00ec74e4d7bdffaf17b50c3593dfe711950b5904911b7cd60d100230e0331
De-pumped MD5 hash: 13adf43aa05381961caab5af69c3f262
MIME type:application/x-dosexec
Vendor Threat Intelligence
Gathering data
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69d15cd16a61012f6acec16d
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug fingerprint microsoft_visual_cc overlay packed packed pkg
Link:
https://www.filescan.io/uploads/69d15cae2346b9da57bd02b2/reports/5917baa0-1cec-4a6e-bd29-cdc8500a8736/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/ec517c9ec8f6a6845ffe8ca9825bc31b2fe5719b2df0301fd016236f0048d01e
Verdict:
Malicious
File Type:
7z
First seen:
2026-04-05T02:38:00Z UTC
Last seen:
2026-04-05T03:07:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/ec517c9ec8f6a6845ffe8ca9825bc31b2fe5719b2df0301fd016236f0048d01e/results?tab=lookup
Score:
62%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/ec517c9ec8f6a6845ffe8ca9825bc31b2fe5719b2df0301fd016236f0048d01e
Gathering data
Threat name:
Win64.Malware.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-04-04 18:47:36 UTC
File Type:
Binary (Archive)
Extracted files:
211
AV detection:
1 of 37 (2.70%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5rixzhwi62tiix76rsuyew6ddmx6k4m3fxydah6qcyrw6aci2apa._file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:upxHook
Create hunting rule
Author:@r3dbU7z
Description:Detect artifacts from 'upxHook' - modification of UPX packer
Reference:https://bazaar.abuse.ch/sample/6352be8aa5d8063673aa428c3807228c40505004320232a23d99ebd9ef48478a/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

7z ec517c9ec8f6a6845ffe8ca9825bc31b2fe5719b2df0301fd016236f0048d01e

(this sample)

Executable exe d3d00ec74e4d7bdffaf17b50c3593dfe711950b5904911b7cd60d100230e0331

  
Dropping
SHA256 d3d00ec74e4d7bdffaf17b50c3593dfe711950b5904911b7cd60d100230e0331
  
Dropping
MD5 13adf43aa05381961caab5af69c3f262

Comments