IOC Radar
MD5 · Medium · Signal 79/100

62d09f076e6e0240548c2f837536a46a

Location
Peru
First Seen
Dec 19, 2024
Last Seen
Jun 9, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
MD5 Hash
MD5 file hash associated with malicious samples.
MISP Category
Artifacts Dropped
Hash Algorithm
MD5
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs: 87 techniques

Feed Intelligence Summary

7 source reports · 79% confidence score
Category tags
aaaaabuseaccount compromiseadobe stockadobe systemsaerospace & defenseanomalyantiguaapisappleapple webkitapple_webkitascii textassociated urlsaustria austriaautoautoitav-evasionavast avgbad trafficbarbuda asnbase64 encodingbboxblackbodybotnetbrowserbrowser hijackingc2 communicationc2 fourthstagec2 httpc2s indicatorcexpxg .xyzchecks-user-inputchromecivil servicesck idck matrixclick-based attackclosecloud servicescloud storagecnamecnccobalt strikecode executioncode injectioncomkxjs .xyzcommandcommand and controlcommand executioncommunication technologiescompromised websitecompromised websitesconnections droppedcontacted hostscorecreation datecredential harvestingcredential theftcrlf linecryptocurrency threatscryptojackingdata accessdata copyingdata encryptiondata exfiltrationdata theftdata transferdefensedefense contractingdefense evasiondefense logisticsdefense systemsdefense technologydesktopdetect-debug-environmentdirect-cpu-clock-accessdiscorddistributed attacksdiv divdoenerium stealerdrive-by compromisedropbox 4xxdropbox plusdropbox spywaredropperdynamicloaderencryptenergyenergy distributionenterprise securityentrieserreurerroret malwareeuropeevasion defenseevasion techniquesexfiltrationexploitextortionextra windowfailurefalsefile-hashfilesfiles showfinanceflagformatfoundfourth stage malwaregenericgithubgithub hostinggoogle safegovernment technologygreenhellokittyhighhigher educationhookwowlow junhttp attackhybrididleillegal streaming sitesim relatedindicatorinformation retrievalinformation stealerinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinput validation bypassinvalid-signatureit infrastructurelarge-scale infostealer campaignlearnlegitlinklocallong-sleepslowfilummalumma stealermalicious activitymalicious linksmalicious powershell activitymalicious softwaremalvertisingmalwaremediummemorymetadata analysismicrosoft defendermilitary operationsmitre attmobile carriersmobile networksmovedmsilmulti-stage 
attackmultiple attacksname tacticsnational securitynetherlandsnetsupport ratnetwork communicationnetwork relatednetwork trafficnextnext associatednitrogennorth americansisoil & gasoil and gasoperating systemorg domainsoverlaypacwpw .xyzpassive dnspatch managementpath traversalpattern matchpeexeperupetyaphishingphotos cs3power generationpower systemspresent aprpresent julpresent junprocessprocess detailsprocess injectionprojectproxypsexecpublic administrationpublic infrastructurepublic policyransomransomwareratratsregulatory agenciesrelated cncremote access trojanremote servicesrenewable energyresearchedresource hijackingresults aprri falsekrlengthrozenaruntime-moduless.ashxscriptscripting attackssearchsecond stage malwareserver responseserversserviceservice exploitationshowshow processshow techniqueshowingsignedsnakesocial engineeringsocial media securitysoftware developmentsoftware vulnerabilitiessouth americaspanspan spanspawnsspyware activity detectedspyware/information retrieval activitysqgzl .xyzstatusstealerstealer relatedsteamsteam communitystock photosstorm-0408streamstringsswedensynapsesystem disruptiont1003t1003.001t1005t1011t1012t1018t1021t1021.001t1027t1030t1036t1036.003t1041t1045t1049t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1059.003t1059.005t1059.007t1068t1069.001t1070t1071t1071.001t1078t1081t1082t1083t1086t1090t1104t1105t1113t1114t1123t1125t1127t1129t1140t1176t1189t1190t1204t1204.001t1204.002t1210t1218t1218.005t1480t1480 executiont1486t1489t1490t1491t1496t1497t1499.001t1499.002t1499.003t1530t1547t1547.001t1553t1555t1560t1565t1566t1566.001t1566.002t1566.003t1567t1568t1569.002t1573t1584t1587.001t1588t1588.006t1590t1590.001t1590.002tabletelecom servicestelecommunicationsthemida junthreat actortimegeneratedtls handshaketls snitrojan malwaretrojandroppertrsuv .xyztwittertypetype httptype httpsunitedunited statesunurew .xyzurarfx .xyzurlsurls indicatoruser agentuser executionvirgin islandsvulnerability scanwaveweb application exploitationweb 
exploitationweb securitywin32 malwarewindowwindow memorywindowswindows malwarewritexmpgxobjectyara detections

Activity Timeline

1 total observation (Jun 9)

Threat Activity Heatmap

[Weekly activity heatmap, Jun through the following Jun, rows Mon/Wed/Fri; legend Less/More]

Observation windows:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal score: 79 / 100
Confidence: 79%
Reports: 7
First seen: Dec 19, 2024
Last seen: Jun 9, 2026

VirusTotal

Not checked

WHOIS

description
PE32 executable (GUI) Intel 80386, for MS Windows
references
- https://www.microsoft.com/en-us/security/blog/2025/03/06/malvertising-campaign-leads-to-info-stealers-hosted-on-github/
- 146.112.61.107 (146.112.48.0/20) AS 36692 ( CISCO UMBRELLA ) US
- IDS Detections: Win32/Lumma Stealer Related • CnC Domain in DNS Lookup (pacwpw .xyz)
- Lumma Stealer CNC {FILEHASH SHA256 bc9c5c8dfdcf0d2a321478207b0870274fba25b93075fc987768623237973646} t.me / Dropbox
- Win32/Lumma Stealer Related CnC Domain in DNS Lookup (comkxjs .xyz) (unurew .xyz) (trsuv .xyz)
- Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sqgzl .xyz) (cexpxg .xyz) (cexpxg .xyz) (urarfx .xyz)
- Win.Exploit.Rozena {FileHash-SHA256 21fb4fdce85ab75430e18d9362a35f61dcaeb628c28836403472c054d6ceab8c}
- Lumma Stealer https://t.me/pizdenka202020 / t.me
- Query to a *.top domain - Likely Hostile 192.168.122.95 1.1.1.1 SHOWING 1 TO 22 OF 22 ENTRIES HTTP Request Get 1 Post 2 Put 0 Delete 0 URL HOST PORT METHOD USER AGENT https://steamcommunity.com/profiles/76561199863199067 steamcommunity.com 443 GET N/A { "src": "192.168.122.95", "sport": 49227, "dst": "23.59.52.127", "dport":, "protocol": "https", "method": "GET", "host": "steamcommunity.com", "uri": "/profiles/76561199863199067", "status": 200, "request": "GET /profiles/7656119986319, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Safari/537.36, (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Length: 30038 Host: accsrf.top
- https://labs.inquest.net/iocdb
- https://app.any.run/tasks/71e7d9e0-4f0f-43ee-8396-3eaa131f81a0

IOC Journey

Confidence: medium
First detected 1 year ago · Last seen 2 days ago
Appeared in 7 threat reports