MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf
SHA3-384 hash:	9c9a492a19cf21ea3a5d25eb91ad468def9b43a02633f71d80c3a026dc484c05353c54ba635a60b94d0ac935aefa3e79
SHA1 hash:	999a425666dad19c246db0775b9cec8d930b40a2
MD5 hash:	642f66c6c6b7cfbe0da921ea030df0cb
humanhash:	helium-early-oklahoma-early
File name:	HJ3ytbqpne2tsJTEJi2D8s0hWo172A0aT.ps1
Download:	download sample
File size:	1'774 bytes
First seen:	2024-01-06 16:27:16 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	48:enT61oWQO/Unh6eOz2MuCxz5I2pJ1vD36Kl:eTuvpeOCMuCU2pb7qKl
TLSH	T1B23110C4BF0DD08A0A36A56DF527A620D476E04B125FA460FCDC86C55FB0B39F8D4BA2
Reporter	1ZRR4H
Tags:	ps1

Intelligence

File Origin

# of uploads :

# of downloads :

201

Origin country :

Vendor Threat Intelligence

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/65997f92784d3498d73852ef/reports/4408263b-2f7c-4f59-a71f-8a2cdfc81218/overview

Verdict:

Malicious

Labled as:

Trojan.Agent

Link:

https://www.hybrid-analysis.com/sample/1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf

Result

Verdict:

MALICIOUS

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/1370772

Signature

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

74%

Verdict:

Malware

File Type:

ASCII

Link:

https://malprob.io/report/1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf/

Threat name:

Script-PowerShell.Backdoor.FoodDropper

Status:

Malicious

First seen:

2024-01-06 16:28:04 UTC

File Type:

Text (PowerShell)

AV detection:

7 of 23 (30.43%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dlkorjtgqlp6osma52mrqzix4jnidpjl6afk7o5pxloduy6n2s7q._file

Verdict:

unknown

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://tria.ge/reports/240106-tym1tsdcf6/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Blocklisted process makes network request

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/1ad4e8a66682dfe74980ee99186517e25a81bd2bf00aafbbafbadc3a63cdd4bf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample