MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1abf8fd9150b13db4ef79afaaa07f401c47ef8274b019f29f8361d9f47a3185b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 1abf8fd9150b13db4ef79afaaa07f401c47ef8274b019f29f8361d9f47a3185b
SHA3-384 hash: 4a648f24e0383116be9ec2a23ac724abf57073cb063a987312b0449776bd95f25eac2a72a784ca63c96a008b5c331856
SHA1 hash: bcd6007f7ed4b787861c12c20a75a5984bdcaae6
MD5 hash: b40087f5518e29e45427c1300194057e
humanhash: charlie-maine-network-venus
File name: rs.bat
File size: 184 bytes
First seen: 2022-08-04 06:24:29 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/plain
ssdeep: 3:VSJJFItGQqPJH0cVERAIrFrNU7etwrWXLhzAKCtlikWgROPJVgVOZo0aUUR/OPsB:s80QO0cboN1zDtkWgRSJVgVOPI/SkX
TLSH: T109C022A68209E7E8860FC9CAC2A58422D61F35C5E2B1A5C2F3294D08C410528F238B02
Reporter: 1ZRR4H
Tags: bat

Intelligence


File Origin
# of uploads: 1
# of downloads: 289
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: rs.bat
Verdict: Suspicious activity
Analysis date: 2022-08-04 08:07:11 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: powershell

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 68 / 100
Signature
Antivirus detection for URL or domain
Bypasses PowerShell execution policy
Multi AV Scanner detection for domain / URL
Sigma detected: Powershell Download and Execute IEX
Behaviour
Behavior Graph:
[Behavior graph, ID 678866. Sample: rs.bat; start date: 04/08/2022; architecture: WINDOWS; score: 68. cmd.exe started powershell.exe and conhost.exe; signature on cmd.exe: Bypasses PowerShell execution policy; powershell.exe dnsIp: 193.149.176.134, 8000, DANISCODK, Denmark.]
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Batch (bat) 1abf8fd9150b13db4ef79afaaa07f401c47ef8274b019f29f8361d9f47a3185b (this sample)

Delivery method: Distributed via web download
