MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 22 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261
SHA3-384 hash: 1c02c7c1c426089576e3c43643b7de2f490bda4d629cc4c26e47a45d93f0d8e5112ba643ca76f538cddb85e216df18fe
SHA1 hash: 6102affa29da099294d30c963132495ed31c87e0
MD5 hash: f0c96ed7be288ca532a29a902b4f08c9
humanhash: florida-xray-venus-mexico
File name:stratum-ping-win-x64.zip
Download: download sample
File size:5'374'415 bytes
First seen:2025-11-24 19:56:23 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 98304:mxCVg3BXGnTozVZGyWUI3E2p/L4Xqfi6x0T+8RnNhC/u/XYP7:07GnEz7Gy+E2d400T+8RnXW
TLSH T1C44633A94B9F8DCC1F25027AB07261F679C0A9E10620B798036BCBBDC7D9DF9644854F
Magika zip
Reporter juroots
Tags:zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
99
Origin country :
IL IL
File Archive Information

This file archive contains 6 file(s), sorted by their relevance:

File name:stratum-ping.exe
File size:5'157'888 bytes
SHA256 hash: 1fb8b06150ab6c0440db831d85ab906e8b65fb8ada7cef8e541c088a042b1ff1
MD5 hash: a376a0de74f647b9df5e75d85fa6af19
MIME type:application/x-dosexec
File name:ping-2miners.bat
File size:44 bytes
SHA256 hash: 70a669e396bdd2ed1f4f60f7c3ffef3c4ccaf7793cb8b38897b3192d52cde405
MD5 hash: 26a50a8f65e0f3e24b0fa5a5a7d3cb10
MIME type:text/plain
File name:README.md
File size:3'153 bytes
SHA256 hash: c8df8e7c39788ace35c335c782edce2ddff81ae04d362881cfee42ca437927c3
MD5 hash: 24d808ed92fca9847085968234a87941
MIME type:text/plain
File name:ping-antpool.bat
File size:52 bytes
SHA256 hash: 36f75ead2f4925a27fd22ae1a54fd1ed4ab03783f39421faecc86648bf1a385b
MD5 hash: 5747fbdfb03cdcf84f7cacfd32416ae3
MIME type:text/plain
File name:ping-ethermine.bat
File size:46 bytes
SHA256 hash: 6bff035f514e2a8e5f37b91e6805df47905da6a049c555e1413f4ed011617d35
MD5 hash: fc53b742c567f3ad7b706ce9803f730a
MIME type:text/plain
File name:LICENSE
File size:1'068 bytes
SHA256 hash: a76282a8e6622341d371a369672a64e1224796f8029b351fa39f461563e549c1
MD5 hash: faf5dbc33b25900f9509ed00c31bfcaa
MIME type:text/plain
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6924b8bd5d7fac83ebf28e60
Tags:
n/a
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Unknown
File Type:
zip
First seen:
2025-11-25T03:55:00Z UTC
Last seen:
2025-11-25T04:19:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261/results?tab=lookup
Score:
73%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261
Verdict:
inconclusive
YARA:
4 match(es)
Tags:
Executable PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/f0c96ed7be288ca532a29a902b4f08c9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-11-24 19:57:48 UTC
File Type:
Binary (Archive)
Extracted files:
10
AV detection:
4 of 38 (10.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7tvcemrfkpn6dqfhqz2ru5u5tzydcad34yslpjdavrood7zfijqq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:command_and_control
Create hunting rule
Author:CD_R0M_
Description:This rule searches for common strings found by malware using C2. Based on a sample used by a Ransomware group
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerException__SetConsoleCtrl
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:DetectGoMethodSignatures
Create hunting rule
Author:Wyatt Tauber
Description:Detects Go method signatures in unpacked Go binaries
Rule name:Detect_Go_GOMAXPROCS
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:Golangmalware
Create hunting rule
Author:Dhanunjaya
Description:Malware in Golang
Rule name:golang_binary_string
Create hunting rule
Description:Golang strings present
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:golang_duffcopy_amd64
Create hunting rule
Rule name:HiveRansomware
Create hunting rule
Author:Dhanunjaya
Description:Yara Rule To Detect Hive V4 Ransomware
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:ProgramLanguage_Golang
Create hunting rule
Author:albertzsigovits
Description:Application written in Golang programming language
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:ThreadControl__Context
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

zip fcea22322553dbe1c0a786751a769d9e7031007be624b7a460ac5ce1ff254261

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3716192/
  
Delivery method
Distributed via web download

Comments