SHA256MediumSignal 100/100
e48e9f4b2cccea896e0685e3d1c8fc6fe4a25c4bdbe81704c5a15613cc223d85
Location
First Seen
Jul 6, 2025
Last Seen
Feb 7, 2026
Found in 4 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
SHA-256 Hash
SHA-256 file hash — primary identifier for malware samples.
MISP Category
Artifacts Dropped
Hash Algorithm
SHA256
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Feed Intelligence Summary
4 reports99% confidence
4
Source reports
99%
Confidence score
Category tags
aaaaabuseaccount compromiseadobe stockadobe systemsantiguaappleapple webkitapple_webkitascii textaustria austriaavast avgbad trafficbarbuda asnbodybrowserbrowser hijackingcexpxg .xyzchromeck idck matrixcloud servicescloud storagecnccode executioncode injectioncomkxjs .xyzcommandcommand and controlcommand executioncommunication technologiesconnections droppedcontacted hostscreation datecredential theftcrlf linedata accessdata copyingdata encryptiondata exfiltrationdata theftdata transferdefense evasiondesktopdiv divdropbox 4xxdropbox plusdropbox spywaredynamicloaderentrieserreurerroret malwareexfiltrationexploitextortionfailurefile-hashfilesfiles showflagfoundgoogle safehighhookwowlow junindicatorinformation technologyinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinput validation bypassit infrastructurelearnlinklocallowfilummamalicious linksmalicious softwaremalwaremediummetadata analysismitre attmobile carriersmobile networksmovedmsilmultiple attacksname tacticsnetwork trafficnextnext associatednitrogennorth americaoperating systemorg domainsoverlaypacwpw .xyzpassive dnspath traversalpattern matchpeexeperupetyaphishingphotos cs3present aprpresent julpresent junprocess detailsprocess injectionproxyransomransomwarerelated cncremote servicesresearchedresults aprrozenascriptsearchserver responseserversshowshow processshow techniqueshowingsnakesocial media securitysoftware developmentsouth americaspanspan spanspawnssqgzl .xyzstatusstealerstealer relatedsteamsteam communitystock photossynapsesystem disruptiont1005t1011t1021t1021.001t1027t1030t1036.003t1041t1045t1053t1055t1057t1059t1068t1069.001t1070t1071t1071.001t1078t1081t1083t1105t1189t1190t1204t1204.001t1210t1218t1480t1480 executiont1486t1490t1499.001t1547t1553t1555t1560t1565t1566t1566.001t1566.003t1568t1587.001t1590.001t1590.002telecom servicestelecommunicationsthemida juntls handshaketls snitrojan malwaretrojandroppertrsuv .xyzunitedunited statesunurew .xyzurarfx .xyzurlsvirgin islandswaveweb application exploitationweb securitywin32 malwarewindowwindows malwarewriteyara detections
Activity Timeline
Feb 7Feb 7
Threat Activity Heatmap
· Peak: 2026-02-07LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
4
Reports
First seenJul 6, 2025
Last seenFeb 7, 2026
VirusTotal
Not checked
WHOIS
- description
- PE32 executable (GUI) Intel 80386, for MS Windows
- references
- 146.112.61.107 (146.112.48.0/20) AS 36692 ( CISCO UMBRELLA ) US, IDS Detections: Win32/Lumma Stealer Related • CnC Domain in DNS Lookup (pacwpw .xyz), Lumma Stealer CNC {FILEHASH SHA256 bc9c5c8dfdcf0d2a321478207b0870274fba25b93075fc987768623237973646} t.me / Dropbox, Win32/Lumma Stealer Related CnC Domain in DNS Lookup (comkxjs .xyz) (unurew .xyz) (trsuv .xyz), Win32/Lumma Stealer Related CnC Domain in DNS Lookup (sqgzl .xyz) (cexpxg .xyz) (cexpxg .xyz) (urarfx .xyz), Win.Exploit.Rozena {FileHash-SHA256 21fb4fdce85ab75430e18d9362a35f61dcaeb628c28836403472c054d6ceab8c}, Lumma Stealer https://t.me/pizdenka202020 / t.me, Query to a *.top domain - Likely Hostile 192.168.122.95 1.1.1.1 SHOWING 1 TO 22 OF 22 ENTRIES HTTP Request Get 1 Post 2 Put 0 Delete 0 URL HOST PORT METHOD USER AGENT https://steamcommunity.com/profiles/76561199863199067 steamcommunity.com 443 GET N/A { "src": "192.168.122.95", "sport": 49227, "dst": "23.59.52.127", "dport":, "protocol": "https", "method": "GET", "host": "steamcommunity.com", "uri": "/profiles/76561199863199067", "status": 200, "request": "GET /profiles/7656119986319, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Safari/537.36, (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Content-Length: 30038 Host: accsrf.top
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 1 year ago · Last seen 4 months ago
Appeared in 4 threat reports