Authenticate for API access | If you are experiencing issues with receiving data from abuse.ch platforms via API, please ensure your requests are authenticated. ➡️ Read here for more info

YARAify Scan Results

You are viewing the YARAify database entry for the file with the SHA256 hash 215747582d583eba6ca649087e8f40408aeefdb8fde665d1b91036174ea12a1d.

Scan Results

SHA256 hash: 215747582d583eba6ca649087e8f40408aeefdb8fde665d1b91036174ea12a1d
File size:1'075'200 bytes
File download: Original
MIME type:application/x-dosexec
MD5 hash: 0a0efa6b145e3dac64e3cf9d54c68dd8
SHA1 hash: f1ef17c6afd9365b1769150711a53c5dc1e4871d
SHA3-384 hash: 5cf2152991c389cec8ec815325b075d9de446fe4b8a8ce49d118aa020ccedb3c5cdca467de76215f8fe9a9769fbca376
First seen:2025-08-24 22:18:57 UTC
Last seen:Never
Sightings:1
imphash : d28b3b3ccb3e2b2fcdbd2303a8f0791c
Create hunting rule
ssdeep : 24576:JvhcA1eXgMDYOuXhDFhqX1VXRmdnLLXQZsfWGyRuLs4zvgtR2:JvhcAwXgMXshi4dnLLXQZsfWGyRuLs4v
TLSH :n/a
telfhash :n/a
gimphash :n/a
dhash icon :n/a

Tasks

There are 1 tasks on YARAify for this particular file. The 10 most recent ones are shown below.

Task Information

Task ID:542ee462-8138-11f0-8fb7-42010aa4000b
File name:0a0efa6b145e3dac64e3cf9d54c68dd8
Task parameters:ClamAV scan:True
Unpack:False
Share file:True

ClamAV Results

The file matched the following open source and commercial ClamAV rules.

Signature:SecuriteInfo.com.PUA.DiscordUrl-1.UNOFFICIAL
Create hunting rule

YARA Results

Static Analysis

The following YARA rules matched on the file (static analysis).

Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_AllMal_Detector
Create hunting rule
Author:DiegoAnalytics
Description:CrossPlatform All Malwares Detector: Detect PE, ELF, Mach-O, scripts, archives; overlay, obfuscation, encryption, spoofing, hiding, high entropy, network communication
TLP:TLP:WHITE
Repository:YARAify
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
TLP:TLP:WHITE
Repository:YARAify
Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:classified
Rule name:dsc
Create hunting rule
Author:Aaron DeVera
Description:Discord domains
TLP:TLP:WHITE
Repository:MalwareBazaar
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
TLP:TLP:WHITE
Repository:YARAify
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
TLP:TLP:WHITE
Repository:YARAify
Rule name:INDICATOR_SUSPICIOUS_EXE_DiscordURL
Create hunting rule
Author:ditekSHen
Description:Detects executables Discord URL observed in first stage droppers
TLP:TLP:WHITE
Repository:diˈtekSHən
Rule name:pe_detect_tls_callbacks
Create hunting rule
Author:
TLP:TLP:WHITE
Repository:YARAify
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
TLP:TLP:WHITE
Repository:YARAify
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
TLP:TLP:WHITE
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
TLP:TLP:WHITE
Repository:

Unpacker

The following YARA rules matched on the unpacked file.

Unpacked Files

The following files could be unpacked from this sample.