MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 05d6f4e462065f3c5c3710775f15f96d333ff3d35ea7860536c6208ff4c2f294. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 05d6f4e462065f3c5c3710775f15f96d333ff3d35ea7860536c6208ff4c2f294
SHA3-384 hash: 41f812e137befc9d78d8e4a9c5c0aa4a1a663b2b7c8543e2589890d296224775fc2f5c7115cf3bc8531a87351e858580
SHA1 hash: 803ce49d77f3f94d04d7d2aefd26127644889daa
MD5 hash: dfa6b624cbc76b78c0f374d8b324de34
humanhash: shade-spring-green-avocado
File name: file
File size: 1'824 bytes
First seen: 2026-03-06 17:10:09 UTC
Last seen: 2026-03-06 17:20:37 UTC
File type: unknown
MIME type: text/x-msdos-batch
ssdeep: 24:wtOS6O3KfdpBwa2pdu4FOwfjJ396+4ef1jSvJfdA0VCCJlTQfsz8V7PCOwfjJ39z:CefpXY3o2jSv/A0v8Ve3s3UDrH
TLSH: T14831E02778368210DBE056F89A1D3A61B757834BA701FFC5B3C16197A80B22687F06ED
Magika: batch
Reporter: Bitsight
Tags: dropped-by-amadey fbf543


Bitsight
url: http://158.94.211.222/files/2070717540/IPvJTgG.bat

Intelligence


File Origin
# of uploads: 12
# of downloads: 28
Origin country: US
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-vm asyncrat base64 cmd dropper evasive explorer fingerprint installer installer-heuristic lolbin powershell reconnaissance reg rundll32 runonce schtasks taskkill timeout
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: dgaaga
Author: Harshit
Description: Detects suspicious PowerShell or registry activity

Rule name: Disable_Defender
Author: iam-py-test
Description: Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
unknown 05d6f4e462065f3c5c3710775f15f96d333ff3d35ea7860536c6208ff4c2f294 (this sample)
Dropped by: Amadey
Delivery method: Distributed via web download