Suspicious
Suspect

0220c52b91a20d3a9324f50f53a8d603

Share on LinkedIn
Print
ZIP Archive
MD5: 0220c52b91a20d3a9324f50f53a8d603
Size: 4.16 MB
application/zip

Get an AI-generated breakdown of this malware's behaviour, IOCs and recommendations.

AI analysis is available with Essential.
Unlock with Essential
MD5 0220c52b91a20d3a9324f50f53a8d603
Sha1 deb5482f7f16b9ec51a2e9827afd7ccd0b939a02
Sha256 a5b28d301bd025dbf4c4815c412749650bd07ebf6cdf8a4e6406260da8d6c0e4
Sha384 f7f5728d292e49ebe4924f2ae5705c77482ee939c518c20324651805f0c611edeb21ce246375a08fe99d4eb5f115348c
Sha512 eead4dca2bf76782c80b4cbaaacefb0588ee55792b56f10a324e350c35f22fe06b745bca2b1ff27dee855fee8cb8d75f969a4cd532d68b4eaafda0e074742636
SSDeep 98304:yK0aBfrzNXrg18sb7bEU8oDvav7azyjiQ6nlaOoP0/jvVLOrn4m:RpzN72lb7bEtpaz20a8vROrD
TLSH 1C1633CDCAEB6078EC774021C3D91DD193AA00BBEECA4A7F5AC25BD394D4485E027E59
[Authenticode]_c7070076.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
fothk
.rdata
.data
.pdata
.fptable
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_86e04f56.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.idata
.CRT
.tls
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
[Authenticode]_c434e7f7.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_516297c7.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
[Authenticode]_07bf70b0.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.tls
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_df8e3a67.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.tls
.reloc
[Authenticode]_9e5aa671.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.data
.rdata
.pdata
.xdata
.bss
.edata
.idata
.CRT
.tls
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_2441bb51.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
.rdata
.data
.pdata
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
[Authenticode]_add9f1e3.p7b
Structure
DosHeader
PE Header
Optional Header (x64)
Section Headers
.text
fothk
.rdata
.data
.pdata
_RDATA
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:1033
STICH beta Structural Threat Infection Chain Hash

A content-independent fingerprint of the infection method: successive formats, internal objects and MITRE techniques from the initial file to each final payload.

Structural branches: 5 STICH kept: 1secondary ignored: 4
bin 4

Decorative / non-determinant leaves (styles, themes, media, fonts, icons, plain text…) are summarized here instead of producing STICH Paths.

STICH Path = the fingerprint (canonical chain with techniques) STICH Shape = structure only Only determinant branches produce STICH Paths.
Path arc:zip>pe:dll
Shape arc:zip>pe:dll
2 nodes
An error has occurred. This application may no longer respond until reloaded. Reload 🗙