MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1417811e6df4fa655aa70a388473d57e529526674011fd60a1ea56b86684118b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1417811e6df4fa655aa70a388473d57e529526674011fd60a1ea56b86684118b
SHA3-384 hash: 6021f0ffec4b7789236fd7bc4c0779c1f119cda9c2734e7da3d214da5e1f906344cf552e44d9d801e6a19febd173a7c5
SHA1 hash: 8c7881e04b2ec0e4f352e531ad02a31e79a36b53
MD5 hash: 8df4ac24ea37d95679dda12bbdf3d021
humanhash: nevada-moon-florida-texas
File name:92.255.57_1.155.ps1
Download: download sample
File size:115'261 bytes
First seen:2024-12-29 08:48:17 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 3072:kvUixeAKzAgnV8519yuKXwB4c4K15IiTksfUXLID5uzynrKMkHckRJs9Skjugil6:yeAKzAgnVwyuKXwB4c4K15IiTksfUXLW
TLSH T1C5B31A321103BD8EABBF2E45A9002DA04CDC65779B459548FDC906FA96BB9148F3DEB0
Magika powershell
Reporter JAMESWT_WT
Tags:92-255-57-155 booking ps1 Spam-ITA

Intelligence

File Origin
# of uploads :
1
# of downloads :
137
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Script.SNH-gen.30211.14417.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67710d001bb06b88847934a5
Tags:
stealer virus sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
confuserex fingerprint ipconfig net obfuscated strelastealer
Link:
https://www.filescan.io/uploads/67710cffa561e5a2873b6ebe/reports/3a24b659-4bd2-4ff4-ab49-8803581f1561/overview
Verdict:
Malicious
Labled as:
Trojan[Dropper]/Agent.a
Link:
https://www.hybrid-analysis.com/sample/1417811e6df4fa655aa70a388473d57e529526674011fd60a1ea56b86684118b
Result
Verdict:
MALICIOUS
Details
Base64 Encoded Powershell Directives
Detected one or more base64 encoded Powershell directives.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
80 / 100
Link:
https://www.joesandbox.com/analysis/1581904
Signature
AI detected suspicious sample
Antivirus detection for URL or domain
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Uses ipconfig to lookup or modify the Windows network settings
Writes to foreign memory regions
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1417811e6df4fa655aa70a388473d57e529526674011fd60a1ea56b86684118b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1417811e6df4fa655aa70a388473d57e529526674011fd60a1ea56b86684118b/
Threat name:
Script.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2024-12-25 06:23:55 UTC
File Type:
Text (PowerShell)
AV detection:
3 of 38 (7.89%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cqlychtn6t5gkwvhbi4ii46vpzjjkjthiai72yfb5jllqzuecgfq._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery execution persistence
Link:
https://tria.ge/reports/241229-kq1ghsxpe1/
Behaviour
Gathers network information
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1417811e6df4fa655aa70a388473d57e529526674011fd60a1ea56b86684118b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments