Argamal: Malware Hidden in Hentai Games

    Date: 06/04/2026

    Severity: High

    Summary

    Argamal is a newly identified malware family distributed through infected hentai games hosted on file-sharing platforms. Once a victim launches the game, a malicious implant is installed and later downloads additional Trojan payloads, enabling full system compromise and remote control by attackers. The malware achieves persistence through COM hijacking, allowing it to execute automatically at user login and maintain long-term access to infected systems.

    Indicators of Compromise (IOC) List 

    Domains/URLs

    asper1.freeddns.org

    Winst0.kozow.com

    Country1.ignorelist.com

    https://github.com/gmz159/u

    https://github.com/DnyP/files

    https://github.com/mgzv/p

    IP Address

    186.158.223.35

    Hash


    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    Detection Query 1:

    domainname like "asper1.freeddns.org" or url like "asper1.freeddns.org" or siteurl like "asper1.freeddns.org" or domainname like "https://github.com/gmz159/u" or url like "https://github.com/gmz159/u" or siteurl like "https://github.com/gmz159/u" or domainname like "Winst0.kozow.com" or url like "Winst0.kozow.com" or siteurl like "Winst0.kozow.com" or domainname like "https://github.com/mgzv/p" or url like "https://github.com/mgzv/p" or siteurl like "https://github.com/mgzv/p" or domainname like "https://github.com/DnyP/files" or url like "https://github.com/DnyP/files" or siteurl like "https://github.com/DnyP/files" or domainname like "Country1.ignorelist.com" or siteurl like "Country1.ignorelist.com" or url like "Country1.ignorelist.com"

    Detection Query 2:

    dstipaddress IN ("186.158.223.35") or srcipaddress IN ("186.158.223.35")

    Detection Query 3:

    sha1hash IN ("9803604ec45f31f9ef75bcca1e1310d8ac1fc3a6","ae4601a19d28332a3ec6ac31b385cdf53be53450","1405a3c5e0aeb08012484134e16cdec4ab29b4a4","dad26f61da7b8bccc78364411812be74c025b475","535f4337f261b6da20a3c614eb13270bed2d533a","02819d200d1424882af81cb504b3e8614b32397a","d2cb0d7a9ad2b5d4ea7c2da8aec62beb37cf36d6","954722b0c9c678b1313d1f8b204e102842dc5889","edce72f59e4c1d136cd1946af70d334c19df858d","2423a5bf0fa7cb9ec09211630a5488629499691b","76253fb55aed707440e808ea78e7101318436b1c","901cfa97b1baaf908fd4a02bb52d970f576c4193","17f8f8f34dfa737f36182fed7ff9e9814a114058","e05f1767c2a337910ed75e90288838d6d0541164","29f1d346a6e71774c7dad25b90f446b2974393df","e815a9b418d09c2d4bcd074c2c0bc21406eeb22f","69331cfdac792dc79240e6a6bb6e803eabd70beb","5f1f3689bcf23de1b280b5f35712946da0f7978f","c2d9d48b3b10bd58cdf5df9463e3ffcd60533ff3")
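
The summary names COM hijacking as Argamal's persistence mechanism, which the IOC queries above do not cover. The following is an added example, not code from Gurucul or the referenced report: a behavioural triage over Sysmon-style registry value-set events that flags per-user COM server registrations. The event field names (`target`, `details`), the SID, the CLSIDs and all paths are constructed assumptions.

```python
import re

# Per-user COM server registration as seen in a Sysmon Event ID 13 TargetObject.
PER_USER_COM = re.compile(
    r"^HKU\\S-1-5-21-[\d-]+(?:_Classes|\\Software\\Classes)\\CLSID\\"
    r"(\{[0-9a-f-]{36}\})\\(?:InprocServer32|LocalServer32)\\\(Default\)$",
    re.IGNORECASE,
)
# Locations a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"(?:^|\\)(?:Users\\[^\\]+\\|ProgramData\\)|%(?:APPDATA|LOCALAPPDATA|TEMP)%",
    re.IGNORECASE,
)

def triage(events, machine_clsids):
    """Return (clsid, severity, reasons) for each suspicious per-user COM write."""
    machine = {c.lower() for c in machine_clsids}
    findings = []
    for event in events:
        m = PER_USER_COM.match(event["target"])
        if not m:
            continue  # not a per-user COM server registration
        clsid, reasons = m.group(1).lower(), []
        if clsid in machine:
            reasons.append("shadows machine-wide CLSID")
        if USER_WRITABLE.search(event["details"]):
            reasons.append("server binary in user-writable path")
        if reasons:
            findings.append((clsid, "high" if len(reasons) == 2 else "medium", reasons))
    return findings

# Constructed sample data (hypothetical SID, CLSIDs and paths; not from the report).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
SHARED = "{11111111-2222-3333-4444-555555555555}"
OTHER = "{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
MACHINE_CLSIDS = {SHARED}  # in practice: enumerate HKLM\Software\Classes\CLSID
HKCU = "HKU\\" + SID

def ev(root, clsid, dll):  # build one constructed registry-set event
    return {"target": root + "\\CLSID\\" + clsid + "\\InprocServer32\\(Default)", "details": dll}

SAMPLE_EVENTS = [
    ev(HKCU + r"\Software\Classes", SHARED, r"C:\Users\alice\AppData\Roaming\upd\core.dll"),
    ev(HKCU + "_Classes", OTHER, r"C:\Users\alice\AppData\Local\Vendor\sync.dll"),
    ev(r"HKLM\SOFTWARE\Classes", SHARED, r"C:\Windows\System32\shell.dll"),
    {"target": HKCU + r"\Software\Microsoft\Windows\CurrentVersion\Run\Upd", "details": r"C:\Users\alice\u.exe"},
]
if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS, MACHINE_CLSIDS):
        print(finding)
```

Legitimate per-user installers also register COM servers under the user hive, so treat `medium` findings as review candidates and `high` findings as the hijack pattern.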

    Reference:    

    https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/                       


    Tags

    Malware, Trojan, COM Hijacking
