SHA1MediumSignal 89/100

`c5db4c757824227f8c2bb5894f1b03079b5f91ca`

Location

Peru

First Seen

Jul 6, 2025

Last Seen

Apr 7, 2026

Jul 6

First Seen

340d ago

Apr 7

Last Seen

65d ago

Reports

source reports

89%

Confidence

medium

Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

SHA-1 Hash

SHA-1 file hash associated with malicious samples.

MISP Category

Artifacts Dropped

Hash Algorithm

SHA1

Confidence

89%

Signal Score

89 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

44 techniques

Feed Intelligence Summary

4 reports89% confidence

Source reports

89%

Confidence score

Category tags

aaaaabuseaccount compromiseactive scanadobe stockadobe systemsantiguaappleapple webkitapple_webkitascii textaustria austriaavast avgbad reputationbad trafficbarbuda asnbodybrowserbrowser hijackingbrute forcecexpxg .xyzchromeck idck matrixcloud infrastructurecloud servicescloud storagecnccode executioncode injectioncomkxjs .xyzcommandcommand and controlcommand executioncommunication technologiesconnections droppedcontacted hostscreation datecredential stuffingcredential theftcrlf linedata accessdata copyingdata encryptiondata exfiltrationdata store exposuredata theftdata transferdefense evasiondesktopdiv divdns attackdropbox 4xxdropbox plusdropbox spywaredynamicloaderencryptionentrieserreurerroret malwareexfiltrationexploitexploitation activityextortionfailurefile-hashfilesfiles showflagfoundgoogle safehighhookwowlow junidentity & access exploitationindicatorinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinput validation bypassiot securityit infrastructurelearnlinklocallowfilummamalicious linksmalicious softwaremalwaremediummetadata analysismitre attmobile carriersmobile networksmobile threatmovedmsilmultiple attacksname tacticsnetwork trafficnextnext associatednitrogennorth americaoperating systemorg domainspacwpw .xyzpassive dnspath traversalpattern matchpeexeperupetyaphishingphotos cs3present aprpresent julpresent junprocess detailsprocess injectionproxyransomransomwarerelated cncremote servicesresearchedresults aprrozenascriptsearchserver responseserversshowshow processshow techniqueshowingsnakesocial media securitysoftware developmentsouth americaspanspan spanspawnssqgzl .xyzstatusstealerstealer relatedsteamsteam communitystock photossynapsesystem disruptiont1005t1011t1021t1021.001t1027t1030t1036.003t1041t1045t1053t1055t1057t1059t1068t1069.001t1070t1071t1071.001t1078t1081t1083t1105t1189t1190t1204t1204.001t1210t1218t1480t1480 executiont1486t1490t1499.001t1547t1553t1555t1560t1565t1566t1566.001t1566.003t1568t1587.001t1590.001t1590.002telecom servicestelecommunicationsthemida junthreat actortls handshaketls snitor nodetrojan malwaretrojandroppertrsuv .xyzunitedunited statesunurew .xyzurarfx .xyzurlsvirgin islandswaveweb application attackweb application exploitationweb securitywin32 malwarewindowwindows malwarewriteyara detections

Activity Timeline

1 total obs

Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

89%

Confidence

Reports

First seenJul 6, 2025

Last seenApr 7, 2026

VirusTotal

Not checked

WHOIS

description: PE32 executable for MS Windows (console) Intel 80386 32-bit
references: 146.112.61.107 (146.112.48.0/20) AS 36692 ( CISCO UMBRELLA ) US, IDS Detections: Win32/Lumma Stealer Related • CnC Domain in DNS Lookup (pacwpw .xyz), Lumma Stealer CNC {FILEHASH SHA256 bc9c5c8dfdcf0d2a321478207b0870274fba25b93075fc987768623237973646} t.me / Dropbox, Win32/Lumma Stealer Related CnC Domain in DNS Lookup (comkxjs .xyz) (unurew .xyz) (trsuv .xyz), Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sqgzl .xyz) (cexpxg .xyz) (cexpxg .xyz) (urarfx .xyz), Win.Exploit.Rozena {FileHash-SHA256 21fb4fdce85ab75430e18d9362a35f61dcaeb628c28836403472c054d6ceab8c}, Lumma Stealer https://t.me/pizdenka202020 / t.me, Query to a *.top domain - Likely Hostile 192.168.122.95 1.1.1.1 SHOWING 1 TO 22 OF 22 ENTRIES HTTP Request Get 1 Post 2 Put 0 Delete 0 URL HOST PORT METHOD USER AGENT https://steamcommunity.com/profiles/76561199863199067 steamcommunity.com 443 GET N/A { "src": "192.168.122.95", "sport": 49227, "dst": "23.59.52.127", "dport":, "protocol": "https", "method": "GET", "host": "steamcommunity.com", "uri": "/profiles/76561199863199067", "status": 200, "request": "GET /profiles/7656119986319, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Safari/537.36, (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Length: 30038 Host: accsrf.top

`c5db4c757824227f8c2bb5894f1b03079b5f91ca`

MITRE ATT&CK TTPs

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey

We value your privacy