MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 10bd91ba36cabea0d4a6f09b7ca380681c62b73e5dc01ad02cfbacfb0a2a6eb7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Pikabot

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	10bd91ba36cabea0d4a6f09b7ca380681c62b73e5dc01ad02cfbacfb0a2a6eb7
SHA3-384 hash:	74a6b6248dedcdeb7a96850077a2993d614e1a6d7d79d42a2662b6de58d5bd9518606aa0872c7184a839d125ff412ccb
SHA1 hash:	6b28f558471f5ee4f305e2772742bfede49580eb
MD5 hash:	446b0969676e89059e1c4890687e7901
humanhash:	indigo-cup-nuts-lima
File name:	Uqrpron.js
Download:	download sample
Signature	Pikabot Create hunting rule
File size:	209'785 bytes
First seen:	2023-05-25 13:39:55 UTC
Last seen:	Never
File type:	js
MIME type:	text/plain
ssdeep	3072:sXEVmrr4l1qDvatIVFcWwblWrj6/ns5JoDXn0Pns:GEVRDqDvatIVifQJorKs
TLSH	T14C24C7804B6514724B577E2A6B30A4A6DBBE0E3582CD5A8BF45F7260F7DE68CCCD1720
TrID	65.2% (.CFC) ColdFusion Component (with rem) (7500/1/1) 34.7% (.S) Digital Micrograph Script (4000/1/1)
Reporter	Mangusta
Tags:	js Pikabot

Intelligence

File Origin

# of uploads :

# of downloads :

296

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.29031.BadJs.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/646f653566909cc8cb11fd67/reports/29e51ea5-e829-4ad4-9373-4e869a55d17b/overview

Verdict:

Malicious

Labled as:

Trojan.Cryxos.JS

Link:

https://www.hybrid-analysis.com/sample/10bd91ba36cabea0d4a6f09b7ca380681c62b73e5dc01ad02cfbacfb0a2a6eb7

Result

Verdict:

MALICIOUS

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1242628

Signature

Encrypted powershell cmdline option found

Multi AV Scanner detection for submitted file

Very long command line found

Wscript starts Powershell (via cmd or directly)

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/10bd91ba36cabea0d4a6f09b7ca380681c62b73e5dc01ad02cfbacfb0a2a6eb7/

Threat name:

Script-JS.Trojan.Cryxos

Status:

Malicious

First seen:

2023-05-25 12:47:49 UTC

File Type:

Text

AV detection:

6 of 36 (16.67%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cc6zdorwzk7kbvfg6cnxzi4anaogfnz6lxabvubm7owpwcrkn23q._file

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/230525-s9b72abb25/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Checks computer location settings

Blocklisted process makes network request

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/10bd91ba36ca/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Distributed via e-mail link

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample