MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee359a7e20cab3f911cf31861b75695b8a8714c28900f8f96d5081764801a4ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 11

SHA256 hash: ee359a7e20cab3f911cf31861b75695b8a8714c28900f8f96d5081764801a4ed
SHA3-384 hash: 3bcfe6d9ea511977f441262ab3b0a5c1279b58cc3e78743f42daca177d494d94f2e43847cdbe64e3a383f66ba08bd395
SHA1 hash: 25e8b8ecc04fbeb8f46dcc018efbb544b5e7372e
MD5 hash: 9e889735c69ddfce6043c6b6d1643837
humanhash: november-double-georgia-skylark
File name: ee359a7e20cab3f911cf31861b75695b8a8714c28900f8f96d5081764801a4ed.zip
File size: 6'712 bytes
First seen: 2026-02-27 07:25:07 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 192:UmlhnVOFTi7ohJjTjTjTjTCBLIDTmS7Wp9pfgiYDEI566666J:fqTqk9HHHaGSSkWu
TLSH: T173D18D5762485238EE72D0A6933C73D2167A7E80C565910EE7CD71346120E6F3FC6A77
Magika: zip
Reporter: JAMESWT_WT
Tags: webdot-ddns-net zip

Intelligence

File Origin
# of uploads: 1
# of downloads: 109
Origin country: IT

File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name: PYT0021002025001.js
File size: 140'764 bytes
SHA256 hash: 5990f979cf3a9162a5940eb3b76aec42cba8ab4a1868a7f8f779264c3e99fbaa
MD5 hash: fb78680067d5fec230b789665c8ea8cb
MIME type: text/plain
Vendor Threat Intelligence

Verdict: Malicious
Score: 94.9%
Tags: xtreme shell overt

Result
Verdict: Malicious
File Type: JS File - Malicious
Behaviour: BlacklistAPI detected

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 evasive obfuscated powershell repaired soft-404

Gathering data

Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2025-05-08 23:22:53 UTC
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 10/10
Tags: execution
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Badlisted process makes network request
Malware Config
Dropper Extraction: https://www.pastery.net/ekgwgt/raw/

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments