af7330af68a8f79b5a28fcc242e54a7e
Hash
- MD5: af7330af68a8f79b5a28fcc242e54a7e
- SHA1: aa8a9c84858fa4d2cf018f5298c95e71eb44b10a
- SHA256: bead7a8c1c2c624c2b76917462b36aee59903440016a845c07505f905469cc30
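- First Seen: 2026-05-15 (as recorded by this page; the MalwareBazaar record below lists first_seen 2026-03-26 19:42:45)
- Last Seen: 2026-05-15 (as recorded by this page; the MalwareBazaar record below lists last_seen as null)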
- Related Reports: 1
- Related IOCs: 0
Additional Information
MalwareBazaar
{
"query_status": "ok",
"data": [
{
"sha256_hash": "bead7a8c1c2c624c2b76917462b36aee59903440016a845c07505f905469cc30",
"sha3_384_hash": "e29fdff9cd14dfa55c7a051296d5b1789da2aa0c10ab03f58d318b382a9c3bb8fc2927db4641b75215e6cca58d6de02b",
"sha1_hash": "aa8a9c84858fa4d2cf018f5298c95e71eb44b10a",
"md5_hash": "af7330af68a8f79b5a28fcc242e54a7e",
"first_seen": "2026-03-26 19:42:45",
"last_seen": null,
"file_name": "doc_2026-03-26_08-58-03.NetAngular.pdf.zip",
"file_size": 8243,
"file_type_mime": "application/zip",
"file_type": "zip",
"file_format": null,
"file_arch": null,
"reporter": "smica83",
"origin_country": "HU",
"anonymous": 0,
"signature": "Kimsuky",
"imphash": null,
"tlsh": "T1A802C231CD11779FB9EEA62FC76B9F3AC44320396D9144195018EFA908B5B09C4FE349",
"telfhash": null,
"gimphash": null,
"ssdeep": "192:lc5N7Uub7aIBJebiTDqqK3gkwvAuX8T/yVO9lqLCauy:l+fbSoDDkQMTqkIWy",
"magika": "zip",
"dhash_icon": null,
"trid": null,
"comment": null,
"archive_pw": null,
"tags": [
"apt",
"Kimsuky",
"zip"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": [
"Sanesecurity.Foxhole.Lnk_Zip_1.UNOFFICIAL",
"Sanesecurity.Foxhole.Zip_pdf.UNOFFICIAL",
"SecuriteInfo.com.Zip.LNK-1.UNOFFICIAL",
"TwinWave.EvilLNK.KingForADaypshell.20231121.UNOFFICIAL",
"Win.Trojan.Suspect-34"
],
"downloads": "154",
"uploads": "1",
"mail": null
},
"file_information": null,
"ole_information": [],
"yara_rules": [
{
"rule_name": "EXT_EXPL_ZTH_LNK_EXPLOIT_A",
"author": "Peter Girnus",
"description": "This YARA file detects padded LNK files designed to exploit ZDI-CAN-25373.",
"reference": "https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html"
},
{
"rule_name": "Large_filesize_LNK",
"author": "@bartblaze",
"description": "Identifies shortcut (LNK) file larger than 100KB. Most goodware LNK files are smaller than 100KB.",
"reference": null
},
{
"rule_name": "PS_in_LNK",
"author": "@bartblaze",
"description": "Identifies PowerShell artefacts in shortcut (LNK) files.",
"reference": null
},
{
"rule_name": "SUSP_LNK_Big_Link_File",
"author": "Florian Roth (Nextron Systems)",
"description": "Detects a suspiciously big LNK file - maybe with embedded content",
"reference": "Internal Research"
},
{
"rule_name": "SUSP_LNK_Big_Link_File_RID2EDD",
"author": "Florian Roth",
"description": "Detects a suspiciously big LNK file - maybe with embedded content",
"reference": "Internal Research"
},
{
"rule_name": "Sus_CMD_Powershell_Usage",
"author": "XiAnzheng",
"description": "May Contain(Obfuscated or no) Powershell or CMD Command that can be abused by threat actor(can create FP)",
"reference": null
}
],
"vendor_intel": {
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/bead7a8c1c2c624c2b76917462b36aee59903440016a845c07505f905469cc30/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "1.00"
},
"InQuest": {
"verdict": "MALICIOUS",
"url": "https://labs.inquest.net/dfi/sha256/bead7a8c1c2c624c2b76917462b36aee59903440016a845c07505f905469cc30",
"details": [
{
"category": "suspicious",
"title": "Hidden Powershell",
"description": "Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'."
}
]
},
"DocGuard": {
"verdict": "Malicious",
"filetype": "LNK File - Malicious",
"alertlevel": "0",
"urls": []
},
"ReversingLabs": {
"threat_name": "Shortcut.Backdoor.Kimsuky",
"status": "MALICIOUS",
"first_seen": "2026-03-26 19:43:22",
"scanner_count": "24",
"scanner_match": "15",
"scanner_percent": "62.50"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"FileScan-IO": {
"verdict": "MALICIOUS",
"threatlevel": "1.0",
"confidence": "1.0",
"report_link": "https://www.filescan.io/uploads/69c58c56e2df9aa488b983a0/reports/e8c279e1-e3e3-4e8b-ad67-771651f4b69c/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "zip",
"first_seen": "2026-03-26T18:20:00Z",
"last_seen": "2026-03-26T18:55:00Z",
"hitscount": 10,
"report_link": "https://opentip.kaspersky.com/bead7a8c1c2c624c2b76917462b36aee59903440016a845c07505f905469cc30/results?tab=lookup",
"detections": []
}
},
"comments": null
}
]
}