0dd1cf2d9a72fdbef19e77af59ba9d1f

Hash

  • MD5: 0dd1cf2d9a72fdbef19e77af59ba9d1f
  • SHA1: d7ed1afdf19ffbf3e667d3fcc0ddeb6342a4d5ab
  • SHA256: aedd975e59ffe867bec9be9a33d438b8d34c96e7f42453f7661e2127890aa0e2
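  • First Seen: 2026-05-15 (presumably the date this index first recorded the hash; the MalwareBazaar record below gives first_seen 2026-04-06 18:49:47, and its ReversingLabs entry gives 2026-04-03 10:21:12)
  • Last Seen: 2026-05-15 (presumably the date this index last recorded the hash, not the sample's last activity)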

Additional Information

MalwareBazaar
                {
    "query_status": "ok",
    "data": [
        {
            "sha256_hash": "aedd975e59ffe867bec9be9a33d438b8d34c96e7f42453f7661e2127890aa0e2",
            "sha3_384_hash": "6b935053740e7f8f84a72fda2e043abd6f40ea47e3a8ae71beebedacd99aae2424fd8da41cc388567155a4049d137901",
            "sha1_hash": "d7ed1afdf19ffbf3e667d3fcc0ddeb6342a4d5ab",
            "md5_hash": "0dd1cf2d9a72fdbef19e77af59ba9d1f",
            "first_seen": "2026-04-06 18:49:47",
            "last_seen": null,
            "file_name": "2026_4th_K-ICTC_Information.zip",
            "file_size": 157363,
            "file_type_mime": "application/zip",
            "file_type": "zip",
            "file_format": null,
            "file_arch": null,
            "reporter": "smica83",
            "origin_country": "HU",
            "anonymous": 0,
            "signature": null,
            "imphash": null,
            "tlsh": "T1AFF31218462896FEE3F69379AA094B831C8701D9E4A1560C766F3DFD2938CE7130F5C0",
            "telfhash": null,
            "gimphash": null,
            "ssdeep": "3072:EAkb7MJFDPnaOJlitktW+HQFVAtbwMcQaaaTIEza7/7m+qbzwCdEf:yi/zJlskVQFVAtbncvWEz1WCdEf",
            "magika": "zip",
            "dhash_icon": null,
            "trid": null,
            "comment": null,
            "archive_pw": null,
            "tags": [
                "DPRK",
                "zip"
            ],
            "code_sign": null,
            "delivery_method": null,
            "intelligence": {
                "clamav": [
                    "Sanesecurity.Foxhole.Lnk_Zip_1.UNOFFICIAL",
                    "Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL",
                    "Sanesecurity.Malware.27118.LnkHeur.UNOFFICIAL",
                    "SecuriteInfo.com.Zip.LNK-1.UNOFFICIAL",
                    "TwinWave.EvilLNK.HTTPDottedQuadPolicykill.20220908.UNOFFICIAL",
                    "Win.Trojan.Suspect-34"
                ],
                "downloads": "119",
                "uploads": "1",
                "mail": null
            },
            "file_information": null,
            "ole_information": [],
            "yara_rules": [
                {
                    "rule_name": "Archive_in_LNK",
                    "author": "@bartblaze",
                    "description": "Identifies archive (compressed) files in shortcut (LNK) files.",
                    "reference": null
                },
                {
                    "rule_name": "Download_in_LNK",
                    "author": "@bartblaze",
                    "description": "Identifies download artefacts in shortcut (LNK) files.",
                    "reference": null
                },
                {
                    "rule_name": "Execution_in_LNK",
                    "author": "@bartblaze",
                    "description": "Identifies execution artefacts in shortcut (LNK) files.",
                    "reference": null
                },
                {
                    "rule_name": "LNK_sospechosos",
                    "author": "Germ\u00e1n Fern\u00e1ndez",
                    "description": "Detecta archivos .lnk sospechosos",
                    "reference": null
                },
                {
                    "rule_name": "PDF_in_LNK",
                    "author": "@bartblaze",
                    "description": "Identifies Adobe Acrobat artefacts in shortcut (LNK) files. A PDF document is typically used as decoy in a malicious LNK.",
                    "reference": null
                },
                {
                    "rule_name": "Script_in_LNK",
                    "author": "@bartblaze",
                    "description": "Identifies scripting artefacts in shortcut (LNK) files.",
                    "reference": null
                }
            ],
            "vendor_intel": {
                "CERT-PL_MWDB": {
                    "detection": null,
                    "link": "https://mwdb.cert.pl/sample/aedd975e59ffe867bec9be9a33d438b8d34c96e7f42453f7661e2127890aa0e2/"
                },
                "YOROI_YOMI": {
                    "detection": "Malicious File",
                    "score": "1.00"
                },
                "InQuest": {
                    "verdict": "MALICIOUS",
                    "url": "https://labs.inquest.net/dfi/sha256/aedd975e59ffe867bec9be9a33d438b8d34c96e7f42453f7661e2127890aa0e2",
                    "details": [
                        {
                            "category": "info",
                            "title": "Document With Few Pages",
                            "description": "Document contains between one and three pages of content. Most malicious documents are sparse in page count."
                        },
                        {
                            "category": "info",
                            "title": "IPv4 Dotted Quad URL",
                            "description": "A URL was detected referencing a direct IP address, as opposed to a domain name."
                        }
                    ]
                },
                "ReversingLabs": {
                    "threat_name": "Win32.Trojan.Ravartar",
                    "status": "MALICIOUS",
                    "first_seen": "2026-04-03 10:21:12",
                    "scanner_count": "24",
                    "scanner_match": "11",
                    "scanner_percent": "45.83"
                },
                "Spamhaus_HBL": [
                    {
                        "detection": "suspicious",
                        "link": "https://www.spamhaus.org/hbl/"
                    }
                ],
                "FileScan-IO": {
                    "verdict": "NO_THREAT",
                    "threatlevel": "0.25",
                    "confidence": "1.0",
                    "report_link": "https://www.filescan.io/uploads/69d4006d2346b9da57c223a6/reports/29c00b93-0ade-45d2-ace7-50cd7fbe614b/overview"
                },
                "Kaspersky": {
                    "verdict": "Malware",
                    "file_type": "zip",
                    "first_seen": "2026-04-03T18:54:00Z",
                    "last_seen": "2026-04-07T03:39:00Z",
                    "hitscount": 10,
                    "report_link": "https://opentip.kaspersky.com/aedd975e59ffe867bec9be9a33d438b8d34c96e7f42453f7661e2127890aa0e2/results?tab=lookup",
                    "detections": []
                }
            },
            "comments": null
        }
    ]
}
            

⚠ These IoCs were automatically extracted using regular expressions or an LLM and may include non-malicious data.