MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 150d978a1760f38875cefcc6b1969a1b12294de2cdd3898cf7f119cae92ba386. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 150d978a1760f38875cefcc6b1969a1b12294de2cdd3898cf7f119cae92ba386
SHA3-384 hash: 5a189f7a834790fb45ee7a932d36d87206d3b3b3d9fc9804d392adedf9e97eaaff4bed720950faa1f31bd7d35593a2d2
SHA1 hash: e8d791c53e04186020310a26db225ef4ba5be40f
MD5 hash: 4665b3907ab5fc2903d954eb3c1f0fb6
humanhash: arkansas-coffee-mobile-delta
File name: script.js
File size: 640 bytes
First seen: 2024-05-27 07:24:34 UTC
Last seen: Never
File type: Java Script (JS) js
MIME type: text/plain
ssdeep 12:K1aICcQfC2IkIswaICcQfC2FoswaICcQfC2RVJaICcQfC28Z81faICcQfC2vnO9I:tcQK2IkI+cQK2u+cQK2scQK2Q81qcQKu
TLSH T14DF0261DAD26DA0C06886213A045B8C0F239035EA2B469F0EBD3CE7805451F0357FB4C
Reporter: lontze7
Tags: AMSIBypass js


lontze7
Downloaded from http://67.205.154.243:30327/script1[.]js.

Intelligence


File Origin
# of uploads: 1
# of downloads: 363
Origin country: GR
Vendor Threat Intelligence
Result
Verdict: MALICIOUS

Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 60 / 100
Signature
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: WScript or CScript Dropper

Threat name: Script-PowerShell.Trojan.AmsiBypass
Status: Malicious
First seen: 2024-05-27 07:25:05 UTC
File Type: Text (PowerShell)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: execution
Behaviour
Command and Scripting Interpreter: JavaScript

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Java Script (JS) js 150d978a1760f38875cefcc6b1969a1b12294de2cdd3898cf7f119cae92ba386 (this sample)
Delivery method: Distributed via web download

Comments