ThreatFox IOC Database

You are viewing the ThreatFox database entry for sha256_hash 0ae3916addf8682d9b571a8602b1936eb2afd095872246fa9417223edad697f8.

Database Entry

IOC ID:	1805020
IOC:	0ae3916addf8682d9b571a8602b1936eb2afd095872246fa9417223edad697f8
IOC Type :	sha256_hash
Threat Type :	payload
Malware:	SmartApeSG
Malware alias:	HANEYMANEY, ZPHP
Confidence Level :	Confidence level is high (90%)
Is compromised? :	False
First seen:	2026-05-03 07:33:16 UTC
Last seen:	never
UUID:	03acf73e-4683-11f1-8759-42010aa4000a
Reporter	Lenny_3BO
Reward	5 credits from ThreatFox
Tags:	ClickFix powershell SmartApeSG stager

Lenny_3BO

SmartApeSG ClickFix Stage-1 PowerShell stager (sleestak_payload_1.ps1, 1896 B). Fetches stage-2 from hxxps://getprismledger[.]com/pop (203[.]96[.]177[.]124). UA Mozilla/5.0 (Windows NT 6.1; Microsoft Windows 6.1.7601 S; en-US) PowerShell/6.1.0. Evasion: extended sleep, VM-awareness, process enumeration, PS logging check.