SHA256MediumSignal 90/100

`26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b`

Location

Brazil

First Seen

Mar 28, 2023

Last Seen

Jun 9, 2026

Mar 28

First Seen

1175d ago

Jun 9

Last Seen

6d ago

Reports

source reports

90%

Confidence

medium

Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

SHA-256 Hash

SHA-256 file hash — primary identifier for malware samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA256

Confidence

90%

Signal Score

90 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

91 techniques

Feed Intelligence Summary

12 reports90% confidence

Source reports

90%

Confidence score

Category tags

abuseactive directoryactive scanactive scanningadvancedipscannerakiraakira iocsalienvault_ransomwareanydeskasiaasnsautomotive manufacturingav killersavast packagebad reputationbankingbitsblackbastabotnetbotnet activitybrazilbrute forcechecks-usb-buscisa kevcisco asacobalt strikecobaltstrikecode executioncommand & controlcommand and controlcommand executioncommand linecompromised credentialsconsumer goodsconticorecredential accesscredential harvestingcredential stuffingcredit card servicescrypto cybercryptocurrencycyberdata encryptiondata exfiltrationdata store exposuredefencedefense evasiondelphidesktopdetect-debug-environmentdirect-cpu-clock-accessdistributed attackselectronic health recordselectronics manufacturingencryptionesxieuropeeverything fileexploit avaliableexploitationexploitation activityextortionfigurefile-hashfinancefinance and insurancefinancial servicesfinancial technologyfirmware updatefoggermanyguloaderhacking toolshasheshealth care and social assistancehealth information technologyhealthcare information systemshospital managementhostnamehostname enumerationhypervidentity & access exploitationimpactin the wildindex databaseindiaindicatorindustrial automationindustrial iotindustrial productioninformation gatheringingress tool transferinitial accessinjection activityinnoiot securitykaliknown hostnameslateral movementlazagnelegitlokibotmakopmalicious downloadmalicious powershell activitymalicious softwaremalwaremalware distributionmanufacturing technologymasscanmedicalmedical servicesmedusalockermfa bypassnetpassnetscannetwork protocolnetwork scanningnitrogennitrogen c2nlbruteoffsite backupoperating systemoverlaypasspatient carepay2key ransompay2key toolkitpayment processingpeexeperuphishingphishing attackphobospingcastleplay ransomwarepost-compromisepowershellprivilege escalationprocess injectionprocess manufacturingpsexecpythonqilinquality controlquick healransomhubransomwarereconnaissanceremote accessremote servicesremoveresearchedretail traderhysidaruntime-modulesscanscannerscanning activityscripting attacksservice scansfx loadersignedsliver payloadsmbsmilesocial engineeringsoftware exploitationsourcesouth americassl vpnsupply chain attacksupply chain managementsystem disruptiont1003t1003.001t1003.004t1016t1018t1021t1021.001t1021.002t1027t1036t1036.005t1041t1046t1048t1048.003t1053t1053.001t1053.002t1053.005t1055t1057t1059t1059.001t1059.003t1068t1069.001t1071t1071.001t1076t1077t1078t1078.002t1082t1083t1086t1090t1105t1110t1110.001t1110.002t1110.003t1113t1133t1136t1136.001t1187t1190t1199t1203t1204.002t1210t1213t1213.002t1218t1219t1482t1486t1490t1496t1497t1499.002t1499.003t1543t1543.003t1547t1547.001t1555t1555.003t1555.004t1560t1560.001t1561t1562t1562.001t1563t1565t1566t1566.001t1566.002t1566.003t1567t1567.002t1569.002t1570t1574t1574.002t1588t1589.001t1595.001t1595.002t1595.003ta machinethreatthreat actorthreat responsetimetooltor nodeunitveeamvpnvpn exploitationvpn kalivps hosting ipvulnerabilityvulnerability scanwealth managementwin32 malwarewindowswindows malwarewinrarwinscpxloaderyarazenseczip archive

Activity Timeline

1 total obs

Jun 9Jun 9

Threat Activity Heatmap

· Peak: 2026-06-09

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

90%

Confidence

Reports

First seenMar 28, 2023

Last seenJun 9, 2026

VirusTotal

Not checked

WHOIS

description: PE32 executable (GUI) Intel 80386, for MS Windows
references: https://zensec.co.uk/blog/unmasking-akira-the-ransomware-tactics-you-cant-afford-to-ignore/, https://www.esentire.com/blog/nitrogen-campaign-2-0-reloads-with-enhanced-capabilities-leading-to-alphv-blackcat-ransomware

`26d5748ffe6bd95e3fee6ce184d388a1a681006dc23a0f08d53c083c593c193b`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy