bb5040d54135b0999cc491b41a0a45e2
Hash
- MD5: bb5040d54135b0999cc491b41a0a45e2
- SHA1: bff6abac56e84b7487846f0ac04ecc1773cb5e02
- SHA256: a2269df8913ae0ebc6396cccb6a83a0bff5fcfae02bc938ef86f148f3809c50e
- First Seen: 2026-05-15
- Last Seen: 2026-05-15
- Related Reports: 1
- Related IOCs: 0
Additional Information
MalwareBazaar
{
"query_status": "ok",
"data": [
{
"sha256_hash": "a2269df8913ae0ebc6396cccb6a83a0bff5fcfae02bc938ef86f148f3809c50e",
"sha3_384_hash": "7342a43759cd72f0f13db46525b6077a3317671420d98077cd56ec57a9d4c1f773d904cbbcec569cacc1cc7ddc30a483",
"sha1_hash": "bff6abac56e84b7487846f0ac04ecc1773cb5e02",
"md5_hash": "bb5040d54135b0999cc491b41a0a45e2",
"first_seen": "2025-12-12 13:52:10",
"last_seen": null,
"file_name": "bb5040d54135b0999cc491b41a0a45e2.zip",
"file_size": 13858962,
"file_type_mime": "application/zip",
"file_type": "zip",
"file_format": null,
"file_arch": null,
"reporter": "smica83",
"origin_country": "HU",
"anonymous": 0,
"signature": "Kimsuky",
"imphash": null,
"tlsh": "T1D8D63392A9DA315B0C036719CF84F25F9EF593C0A89EFA605762CCEC3647C5A9BCD064",
"telfhash": null,
"gimphash": null,
"ssdeep": "393216:9CUoGmX8o8PLLIdBcJ3Mwl1Chu8Ir1jDQGlqxI:9CUF+8oXaZMy1Ee4Glqi",
"magika": "zip",
"dhash_icon": null,
"trid": null,
"comment": null,
"archive_pw": null,
"tags": [
"Kimsuky",
"zip"
],
"code_sign": null,
"delivery_method": null,
"intelligence": {
"clamav": null,
"downloads": "101",
"uploads": "1",
"mail": null
},
"file_information": null,
"ole_information": [],
"yara_rules": [
{
"rule_name": "SUSP_Double_Base64_Encoded_Executable_RID34CC",
"author": "Florian Roth",
"description": "Detects an executable that has been encoded with base64 twice",
"reference": "https://twitter.com/TweeterCyber/status/1189073238803877889"
},
{
"rule_name": "vmdetect",
"author": "nex",
"description": "Possibly employs anti-virtualization techniques",
"reference": null
}
],
"vendor_intel": {
"CERT-PL_MWDB": {
"detection": null,
"link": "https://mwdb.cert.pl/sample/a2269df8913ae0ebc6396cccb6a83a0bff5fcfae02bc938ef86f148f3809c50e/"
},
"YOROI_YOMI": {
"detection": "Malicious File",
"score": "0.70"
},
"InQuest": {
"verdict": "MALICIOUS",
"url": "https://labs.inquest.net/dfi/sha256/a2269df8913ae0ebc6396cccb6a83a0bff5fcfae02bc938ef86f148f3809c50e",
"details": [
{
"category": "suspicious",
"title": "Base64 Encoded URL",
"description": "Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix."
}
]
},
"DocGuard": {
"verdict": "Unknown",
"filetype": "ZIP File",
"alertlevel": "0",
"urls": []
},
"ReversingLabs": {
"threat_name": "Script.Trojan.Heuristic",
"status": "MALICIOUS",
"first_seen": "2025-12-12 13:53:19",
"scanner_count": "37",
"scanner_match": "6",
"scanner_percent": "16.22"
},
"Spamhaus_HBL": [
{
"detection": "suspicious",
"link": "https://www.spamhaus.org/hbl/"
}
],
"FileScan-IO": {
"verdict": "MALICIOUS",
"threatlevel": "1.0",
"confidence": "1.0",
"report_link": "https://www.filescan.io/uploads/693c1e11cf690d27f3ddd735/reports/e5fda64b-4660-4f52-ae13-dc82cc3ec86c/overview"
},
"Kaspersky": {
"verdict": "Malware",
"file_type": "zip",
"first_seen": "2025-12-12T14:14:00Z",
"last_seen": "2025-12-12T14:35:00Z",
"hitscount": 10,
"report_link": "https://opentip.kaspersky.com/a2269df8913ae0ebc6396cccb6a83a0bff5fcfae02bc938ef86f148f3809c50e/results?tab=lookup",
"detections": []
}
},
"comments": null
}
]
}