MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb4430e718578569d8d4f1ec24ca7983cd138bc7e8d3cdedb90bce791c398a50. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	fb4430e718578569d8d4f1ec24ca7983cd138bc7e8d3cdedb90bce791c398a50
SHA3-384 hash:	b07a77062cf401d53b0d495b157116dc71fa4ce2d54a66ffd6b639b3c9b6949c40286df5c51235b0d015848673230389
SHA1 hash:	7e7db3e3cf6477e702cf39996a5a2ecd5132af9e
MD5 hash:	c63484cc1012c4f2f49fbef1731ab322
humanhash:	snake-angel-michigan-wyoming
File name:	AWB_889017950847.rar
Download:	download sample
File size:	25'765 bytes
First seen:	2026-05-14 07:07:19 UTC
Last seen:	Never
File type:	rar
MIME type:	application/x-rar
ssdeep	768:6HfbEuxaj7LvPYN59Irf3AGgBJmOmtuxTOW:WjEuO7D85SAGg/mOAkd
TLSH	T101C2E15B520B07A3FAAC705CB00357AE7A5FFE0996E1F35F04602FC65DAC4A5E225C41
TrID	61.5% (.RAR) RAR compressed archive (v5.0) (8000/1) 38.4% (.RAR) RAR compressed archive (gen) (5000/1)
Magika	rar
Reporter	JAMESWT_WT
Tags:	45-133-174-90 rar Spam-ITA updatedserver-shop

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Details

Link:

https://research.acce.ciphertechsolutions.com/results/c982a4c6-3790-431d-b477-5d5ef79f79f3/

Detection(s):

Sanesecurity.Foxhole.JS_Rar_1.UNOFFICIAL

Sanesecurity.Malware.32532.UNOFFICIAL

SecuriteInfo.com.Suspicious-Rar-JS.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6a0574b546d6967b3d903c17

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-vm evasive fingerprint obfuscated powershell repaired

Link:

https://www.filescan.io/uploads/6a0574ae792fe2d217b2a908/reports/35e48732-5446-42be-be56-1ba12f71e6c3/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/fb4430e718578569d8d4f1ec24ca7983cd138bc7e8d3cdedb90bce791c398a50

Verdict:

Malicious

File Type:

rar

First seen:

2026-05-14T05:50:00Z UTC

Last seen:

2026-05-16T04:23:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/fb4430e718578569d8d4f1ec24ca7983cd138bc7e8d3cdedb90bce791c398a50/results?tab=lookup

Verdict:

inconclusive

YARA:

1 match(es)

Tags:

Rar Archive

Link:

https://app.malva.re/file/c63484cc1012c4f2f49fbef1731ab322

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fb4430e718578569d8d4f1ec24ca7983cd138bc7e8d3cdedb90bce791c398a50/

Threat name:

Script-JS.Backdoor.Remcos

Status:

Malicious

First seen:

2026-05-14 07:06:56 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7ncdbzyyk6cwtwgu6hwcjstzqpgrhc6h5dj433nzbphhshbzrjia._file

Gathering data

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/fb4430e718578569d8d4f1ec24ca7983cd138bc7e8d3cdedb90bce791c398a50

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample