MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f48ad6037d1719cda1e8ce86b917b12f460275e002f074ac46ac0376e500097e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



CHStealer


Vendor detections: 7



SHA256 hash: f48ad6037d1719cda1e8ce86b917b12f460275e002f074ac46ac0376e500097e
SHA3-384 hash: cd3d7b7356cb2a05bdc3bd95a558abed7ae50c027fb8fcb90b9b9de51c67f350bb8ae8f8695413c86b6e2a2f83a5e543
SHA1 hash: f955a2dda0461ae1386d294ef5d97b690f6bde65
MD5 hash: 48ae38a2344badc4cfae0eaf52a0d401
humanhash: beryllium-delaware-xray-august
File name: No Other Choice (2025) [1080p] [WEBRip] [5.1].zip
Signature: CHStealer
File size: 5'520'377 bytes
First seen: 2025-12-13 14:53:36 UTC
Last seen: Never
File type: zip
MIME type: application/zip
ssdeep: 98304:mQ43zTyKMjkOVyR1inscnNtFHrVLmXFQLgxKz2G/njo2Qpl0q3mt1W9nU:I3HyKGkO01inscn/72FzXmqM1W9nU
TLSH: T13046120664A60FC5CD9C84B990DF1B9676ADAF4A4466D35F87A0E23F3FB33B08C144A1
Magika: zip
Reporter: aachum
Tags: 77-83-207-208 DESKFUND-BENEFIT-NIDHI-LIMITED file-pumped rezipped signed zip


iamaachum
https://downloadtorrentfile.com/hash/be8ccb354e8cf3245453ae79b8b9a2a8c307ea11?name=No%20Other%20Choice%20%282025%29%20%5b1080p%5d%20%5bWEBRip%5d%20%5b5.1%5d.scr

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: FR
File Archive Information

This file archive contains 6 file(s), sorted by their relevance:

File name: MAINICON
File size: 20 bytes
SHA256 hash: 48f534b77e965cb6672e324546c1dad6a2102de9b42a883f1b4c8d5ff8945265
MD5 hash: d44f0aac60d5227a3764e84b06ee531a
MIME type: application/octet-stream
Signature: CHStealer

File name: 11111
File size: 64 bytes
SHA256 hash: e0ba838c294fafc258f5c1140c53c04fed83fce1f31d3ed1307dbb687efe5351
MD5 hash: e4c315443572cc79c94b16938c1f21a9
MIME type: application/octet-stream
Signature: CHStealer

File name: string.txt
File size: 11'296 bytes
SHA256 hash: 764252f7512076c2f5f4123dcbc0aa6675b5013c0053842db4a4c6b45b4dcde7
MD5 hash: bdef727efb1f7069ec463469330a8181
MIME type: application/octet-stream
Signature: CHStealer

File name: No Other Choice (2025) [1080p] [WEBRip] [5.1].scr
Pumped file: This file is pumped. MalwareBazaar has de-pumped it.
File size: 1'096'567'088 bytes
SHA256 hash: 418252eb085798db438426ca8c3697584e5ae359692bf71ed6f71db93017d35b
MD5 hash: 4ca849ff0c3289f4f338f6a3e15881e0
De-pumped file size: 893'952 bytes (vs. original size of 1'096'567'088 bytes)
De-pumped SHA256 hash: 188808a6a78bf2db176bc6a818b515f17d7cb288b6873c48e80d8f576b53f6ed
De-pumped MD5 hash: aba631c60047f5eb879ab03efe919cc9
MIME type: application/x-dosexec
Signature: CHStealer

File name: PACKAGEINFO
File size: 924 bytes
SHA256 hash: f14b53027ced1e7589d6d2f95c28e967f6318c489771e8087e87e11ac2329606
MD5 hash: b6936d2300ca2df9347bb774e86fa085
MIME type: application/octet-stream
Signature: CHStealer

File name: DVCLAL
File size: 16 bytes
SHA256 hash: 88d14cc6638af8a0836f6d868dfab60df92907a2d7becaefbbd7e007acb75610
MD5 hash: d8090aba7197fbf9c7e2631c750965a8
MIME type: application/octet-stream
Signature: CHStealer

Vendor Threat Intelligence
Result
Verdict: Malicious
File Type: ZIP File - Malicious
Behaviour: SuspiciousEmbeddedObjects detected
Gathering data
Verdict: Malware
YARA: 3 match(es)
Tags: CVE-2019-13232 CVE-2019-9674 CVE-2022-29225 CVE-2022-36114 CVE-2023-46104 CVE-2024-0450 Executable Malicious PE (Portable Executable) PE File Layout Zip Archive Zip Bomb
Threat name: Binary.Trojan.Generic
Status: Suspicious
First seen: 2025-12-13 14:54:17 UTC
File Type: Binary (Archive)
Extracted files: 1
AV detection: 5 of 38 (13.16%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Borland
Author: malware-lu

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: HUNTING_SUSP_TLS_SECTION
Author: chaosphere
Description: Detect PE files with .tls section that can be used for anti-debugging
Reference: Practical Malware Analysis - Chapter 16

Rule name: pe_detect_tls_callbacks

Rule name: SHA512_Constants
Author: phoul (@phoul)
Description: Look for SHA384/SHA512 constants

Rule name: shellcode
Author: nex
Description: Matched shellcode byte patterns

Rule name: weird_zip_high_compression_ratio
Author: Maxime THIEBAUT (@0xThiebaut)
Description: Detects single-entry ZIP files with a suspiciously high compression ratio (>100:1) and decompressed size above the 500MB AV limit
Reference: https://twitter.com/Cryptolaemus1/status/1633099154623803394

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

CHStealer

zip f48ad6037d1719cda1e8ce86b917b12f460275e002f074ac46ac0376e500097e

(this sample)

Comments



commented on 2025-12-13 14:57:41 UTC

Valid revoked certificate:
Name: DESKFUND BENEFIT NIDHI LIMITED
Status: Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer: SSL.com EV Code Signing Intermediate CA RSA R3
Valid From: 03:10 PM 10/10/2025
Valid To: 03:10 PM 10/10/2026
Valid Usage: Code Signing
Algorithm: sha256RSA
Thumbprint: CAAA615F6FFF277DF49504D4D42A291C19982C02
Serial Number: 66 04 C2 6C 7C 8B 11 66 47 45 4F 00 0E FC A4 A8