IOC Radar
SHA256 · Medium Signal · 79/100

badf4752413cb0cbdc03fb95820ca167f0cdc63b597ccdb5ef43111180e088b0

Location: Peru
First Seen: Apr 1, 2025 (457d ago)
Last Seen: Jun 28, 2026 (3d ago)
Reports: 8 source reports
Confidence: 79% (medium)
Found in 8 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Indicator type: SHA-256 Hash (SHA-256 file hash, the primary identifier for malware samples)
MISP Category: Artifacts Dropped
Hash Algorithm: SHA256
Confidence: 79%
Signal Score: 79 / 100
IDS Rule: No
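A worked check for the indicator type described above, added here as an example (it is not code from the IOC Radar page or service): stream SHA-256 over every regular file under a directory, compare against the indicator, and read just enough of the PE header to confirm the "PE32+ executable (console) x86-64" description the page gives for the sample. FAKE_PE32PLUS is a constructed stand-in header for the self-test, not the real sample; the header offsets come from the PE/COFF specification.

```python
"""Match files against a SHA-256 IOC and cross-check the PE32+ x86-64 description.

Added example for this page; not code from the IOC Radar service.
"""
import hashlib
import os
import re
import struct
from typing import Iterator, Optional, Tuple

IOC_SHA256 = "badf4752413cb0cbdc03fb95820ca167f0cdc63b597ccdb5ef43111180e088b0"
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# IMAGE_FILE_MACHINE constants and optional-header magic values (PE/COFF spec).
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x86-64", 0xAA64: "ARM64"}
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def normalise_hash(value: str) -> str:
    """Lower-case and validate a SHA-256 hex digest; feeds mix cases and add whitespace."""
    digest = value.strip().lower()
    if not SHA256_RE.match(digest):
        raise ValueError(f"not a SHA-256 hex digest: {value!r}")
    return digest


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large binaries are never fully loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def pe_type(data: bytes) -> Optional[Tuple[str, str]]:
    """Return (format, machine) for a PE image, or None if the bytes are not a PE.

    Reads only the MZ stub pointer, the PE signature, the COFF Machine field and
    the optional-header Magic: enough to confirm "PE32+ ... x86-64", not a parser.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)   # COFF header, Machine
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)    # optional header, Magic
    fmt = {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, f"unknown(0x{magic:x})")
    return fmt, MACHINE_NAMES.get(machine, f"unknown(0x{machine:04x})")


def matches_ioc(data: bytes, ioc: str = IOC_SHA256) -> bool:
    return sha256_bytes(data) == normalise_hash(ioc)


def scan_directory(root: str, ioc: str = IOC_SHA256) -> Iterator[Tuple[str, str, Optional[Tuple[str, str]], bool]]:
    """Yield (path, sha256, pe_info, matches_ioc) for each regular file under root.

    Symlinks are skipped so a planted link cannot lead the scan out of root.
    """
    ioc = normalise_hash(ioc)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            digest = sha256_file(path)
            with open(path, "rb") as fh:
                head = fh.read(4096)
            yield path, digest, pe_type(head), digest == ioc


# Constructed stand-in, NOT the real sample: a minimal PE32+ x86-64 header with
# e_lfanew = 0x40, Machine = 0x8664 and optional-header Magic = 0x20B.
FAKE_PE32PLUS = (
    b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    + b"PE\0\0" + struct.pack("<H", 0x8664) + b"\0" * 18
    + struct.pack("<H", PE32PLUS_MAGIC) + b"\0" * 64
)

if __name__ == "__main__":
    import sys
    for path, digest, pe, hit in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'MATCH' if hit else '-':5} {digest} {pe} {path}")
```

A hash match is the only positive result; the PE type is reported for every file so that PE32+ x86-64 console binaries that do not match (a recompiled or padded variant, for example) can still be pulled for closer analysis.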
Threat Context
Tags: see Category tags below.
MITRE ATT&CK TTPs: 61 techniques (listed by ID among the category tags below)
Feed Intelligence Summary
8 source reports · 79% confidence score

Category tags (feed-supplied, lower-cased; the list also contains sandbox UI and report strings such as "click", "close", "please note" and "submit" that carry no threat meaning):
abuse, academic institutions, active scan, ahs, alberta health services, ansi, anti-debug, antidebug, api key, apt, apt activity, apt activity detected, arctic wolf, autostart entry, autostart persistence, bad reputation, base64, base64 encoding, boot execution, botnet, botnet activity, brute force, canada, civil services, click, click-based attack, close, code, code execution, code injection, command and control, command execution, communication protocol, communication technologies, contact, covenant health, credential access, credential stuffing, cve list, data, data encryption, data exfiltration, data store exposure, defense evasion, desc, desktop, detect-debug-environment, distributed attacks, dll injection, drop your, dynamic analysis, education, educational resources, educational services, educational technology, electronic health records, encryption, endpoint detection, error, exploitation activity, extortion, fail, fall, false, fig, file, file-hash, fileless malware, files, filescan.io iocs, first, format, government technology, health care and social assistance, health information technology, healthcare information systems, higher education, hospital management, http scanner, hx83xec, hybrid, hybrid analysis, identity & access exploitation, idle, indicator, info, information technology, infrastructure acquisition reconnaissance, ingress tool transfer, injection activity, input validation bypass, inquest labs, integrity checking, ioc, it infrastructure, javascript payload, jitu url, js file, k-12 education, known-distributor, legit, lnk file, lnk file execution, look, looks, malicious download, malicious links, malicious powershell activity, malicious software, malware, malware analysis, malware analysis report, malware detection, malware distribution, malware execution, malware file, malware indicators, md5, medical services, memory injection, meow, microsoft word, microsoft word exploitation, mobile carriers, mobile networks, model, mon jun, more_eggs, more_eggs malware, mz created, mz header detected, mz image, mz imagecreated, next, no problems, north america, notes supported, online, open, operating system, owner rights, path, path traversal, patient care, pe file, peexe, peru, phishing, please, please note, powershell, privacy policy, privilege escalation, process injection, process manipulation, process monitoring, process validation, public administration, public infrastructure, public policy, ransomware, registry modification, regulatory agencies, remote services, researched, resources api, rogers, runtime data, sandbox, sandbox report, scanid, scheduled task creation, scripting attacks, security operations, service, service installation, service process, sg2backup drive, shell, social engineering, software development, south america, spyeye, static, static analysis, stop, strings, submit, switch, system disruption, system32 file, telecom services, telecommunications, telus, text file iocs, thor apt scanner, threat actor, threat intelligence, tor node, trash, trim, trojan, trojan malware, type, ualberta, uk and ireland, unicode, upload, user execution, value, venom spider, vetting process, virus, vulnerability scan, web application attack, web application exploitation, web exploitation, web traffic, win32 malware, window, windows, windows malware, xcopy

MITRE ATT&CK technique IDs (61):
T1003, T1007, T1012, T1021, T1021.001, T1027, T1033, T1036, T1053.005, T1055, T1057, T1059, T1059.001, T1059.003, T1059.007, T1060, T1068, T1069.001, T1070, T1071, T1071.001, T1074, T1078, T1082, T1083, T1086, T1105, T1106, T1112, T1115, T1129, T1135, T1189, T1190, T1204, T1204.001, T1204.002, T1480, T1486, T1489, T1490, T1496, T1497, T1499.002, T1499.003, T1518, T1543, T1547, T1547.001, T1547.004, T1562, T1564, T1564.001, T1565, T1566, T1566.001, T1574, T1574.001, T1587.001, T1590.001, T1620

Activity Timeline
1 total observation (Jun 28)

Threat Activity Heatmap
[Calendar heatmap, Jun to Jun, weekday rows Mon/Wed/Fri, scale Less to More] · Peak: 2026-06-28
Activity windows:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 79
Confidence: 79%
Reports: 8
First seen: Apr 1, 2025
Last seen: Jun 28, 2026

VirusTotal: Not checked

WHOIS (feed metadata block; a file hash has no WHOIS record, so this section carries the sample description and references)

description: PE32+ executable (console) x86-64, for MS Windows

references:
Bitch-On-Wheels_files_md5s.csv
832dde85e22a6de8081cdb46fcc7d8f2ae104bbdae54c5dc75d2a6272a0bd431
f66f2b730bec1c6927aa86503dfb22fc8d03a2f9e871ae6269d2a3ed29dc48e5
902574c9ffd06678d769ae3db96b3957269c45617ad8e2feead4d02f5f3da106
https://hybrid-analysis.com/sample/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb
https://tria.ge/250729-s1vysaywgy
https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3
https://polyswarm.network/scan/results/file/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb
https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/a3528542-a121-4351-91fe-de5aab327fe2/overview
https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/3c22777d-9fa3-4d67-a00a-8aa505154874/overview
https://metadefender.com/results/file/bzI1MDcyOV9QRkdmNWZwSkhvMG11YWczRVZMRw_mdaas
https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/5fdda54a-0164-4d4e-a248-d07ec3780d8a/overview
https://app.threat.zone/submission/ef60d9bd-bd97-4859-8e58-4f670d1f1783/overview
https://www.filescan.io/uploads/6888ec9fa16348d835f2f6d3/reports/21f7ed2c-7815-49f0-8697-998b341df34a/overview
https://tip.neiki.dev/file/9c8ee51b61019f9820cd151b3f3a5a9a0309787a46bd37fa877c5c95b633b5cb
https://hybrid-analysis.com/sample/f66f2b730bec1c6927aa86503dfb22fc8d03a2f9e871ae6269d2a3ed29dc48e5
https://hybrid-analysis.com/sample/902574c9ffd06678d769ae3db96b3957269c45617ad8e2feead4d02f5f3da106/6888ec5bd7a73585560d2ddd
https://hybrid-analysis.com/sample/832dde85e22a6de8081cdb46fcc7d8f2ae104bbdae54c5dc75d2a6272a0bd431/6888ec5cfd974c2a5b0f1cfa
https://hybrid-analysis.com/sample/12f05b32365a6fc40b30d108ea0dc730f662c6ee48c0feccf7cb43263a0a8166/6888ec5d423dabf7de0872d7

Check before relying on these references: none of the SHA-256 values embedded in the sandbox and scanner URLs equals this indicator's hash (badf4752413cb0cbdc03fb95820ca167f0cdc63b597ccdb5ef43111180e088b0); they point at five other samples. Treat the linked reports as related-sample context, and obtain a report keyed on this hash before attributing their findings to it.

Export & API: STIX 2.1 Bundle · CSV Export · Permalink
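The Export & API controls above offer a STIX 2.1 bundle, and the Threat Context section counts 61 ATT&CK techniques whose IDs appear run together in the category tag string. The following is an added example (not the IOC Radar export code) that builds the equivalent STIX 2.1 indicator with the standard library only and extracts technique IDs from such a concatenated tag string. TAG_BLOB is a constructed excerpt of the page's tag string; mapping valid_from to the first-seen date at midnight UTC and setting STIX confidence to the page's 79 are assumptions made here.

```python
"""Build a STIX 2.1 indicator bundle for a SHA-256 IOC and attach the ATT&CK
technique IDs found in a run-together tag string.

Added example for this page; not the IOC Radar export code. Mapping the page's
first-seen date to valid_from and its 79 to STIX confidence are assumptions.
"""
import json
import re
import uuid
from typing import Dict, List

IOC_SHA256 = "badf4752413cb0cbdc03fb95820ca167f0cdc63b597ccdb5ef43111180e088b0"

# Constructed excerpt of the page's concatenated tag string; the real string
# runs to several hundred tags with no delimiters between them.
TAG_BLOB = ("system32 filet1003t1007t1012t1021t1021.001t1027t1033t1036t1053.005"
            "t1055t1057t1059t1059.001t1059.003t1059.007t1060t1068telecom services")

# ATT&CK technique ID: T + 4 digits, optional .NNN sub-technique suffix.
# With no delimiters, "t1059t1059.001" yields T1059 then T1059.001 because the
# suffix group is only taken when a dot immediately follows the four digits.
ATTACK_ID_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?", re.IGNORECASE)


def extract_attack_ids(blob: str) -> List[str]:
    """Return de-duplicated, upper-cased technique IDs in order of first appearance."""
    seen: Dict[str, None] = {}
    for m in ATTACK_ID_RE.finditer(blob):
        tid = f"T{m.group(1)}" + (f".{m.group(2)}" if m.group(2) else "")
        seen.setdefault(tid, None)
    return list(seen)


def stix_pattern(sha256: str) -> str:
    """STIX pattern for a file hash match; the hash key is quoted per the pattern grammar."""
    return f"[file:hashes.'SHA-256' = '{sha256.lower()}']"


def indicator_id(sha256: str) -> str:
    """Deterministic id (uuid5 over the hash) so re-exports of the same IOC
    deduplicate in a TIP instead of piling up. The namespace choice is ours."""
    return "indicator--" + str(uuid.uuid5(uuid.NAMESPACE_URL, f"sha256:{sha256.lower()}"))


def build_bundle(sha256: str, first_seen: str, confidence: int, techniques: List[str]) -> dict:
    """Wrap one indicator SDO in a STIX 2.1 bundle; techniques become external references."""
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": indicator_id(sha256),
        "created": first_seen,
        "modified": first_seen,
        "name": f"SHA-256 {sha256[:16]} (PE32+ x86-64 sample)",
        "indicator_types": ["malicious-activity"],
        "pattern": stix_pattern(sha256),
        "pattern_type": "stix",
        "valid_from": first_seen,
        "confidence": confidence,  # STIX confidence is 0-100, same scale as the page
        "labels": [f"mitre-attack:{t}" for t in techniques],
        "external_references": [
            {"source_name": "mitre-attack", "external_id": t,
             "url": f"https://attack.mitre.org/techniques/{t.replace('.', '/')}/"}
            for t in techniques
        ],
    }
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()), "objects": [indicator]}


if __name__ == "__main__":
    ids = extract_attack_ids(TAG_BLOB)
    bundle = build_bundle(IOC_SHA256, "2025-04-01T00:00:00.000Z", 79, ids)
    print(json.dumps(bundle, indent=2))
```

Run against the full tag string from the page, extract_attack_ids should return exactly the 61 IDs the Threat Context section counts; a different count means the tag string was truncated or a tag happened to end in "t" followed by four digits, which is the one ambiguity this delimiter-free format cannot resolve.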

IOC Journey
Confidence: medium · First detected 1 year ago · Last seen 3 days ago · Appeared in 8 threat reports