MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Rhadamanthys


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576
SHA3-384 hash: bbc1c4adb3517856aba4269e88b446434a487565ac7996bece1da2d894737cc965bea9ebf0d0e14e4d778f64155ce2a5
SHA1 hash: 78e02509d114dee304e26bd4691713a2c5e1e9ff
MD5 hash: 1e85b7dc6d4207412cbfa54905067a54
humanhash: illinois-venus-kilo-london
File name:1e85b7dc6d4207412cbfa54905067a54.bat
Download: download sample
Signature Rhadamanthys
Create hunting rule
File size:369 bytes
First seen:2024-12-04 13:19:50 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 6:hSG81R3KuX85AwgJrsHmhrBqSyl75EuH1MFCv8STFx755yjSAwgJrsHmhrBSyylG:0G81kTQJrDhr0SylFt1M40WFxF52JrDj
TLSH T178E0862223BD4706DA318178E5F22B83F687B3938583BF165106FAAC94DC0577AE8542
Magika batch
Reporter abuse_ch
Tags:bat Rhadamanthys

Intelligence

File Origin
# of uploads :
1
# of downloads :
90
Origin country :
NL NL
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1e85b7dc6d4207412cbfa54905067a54.bat
Verdict:
Malicious activity
Analysis date:
2024-12-04 13:23:44 UTC
Tags:
loader
Link:
https://app.any.run/tasks/3017e61c-6918-4d7d-be7e-38ee9ad78f73

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6750581e12e85e185e75ab0e
Tags:
gumen virus shell overt
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Сreating synchronization primitives
Connection attempt
Searching for the window
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
dropper kiosk powershell
Link:
https://www.filescan.io/uploads/6750570ee5f1046769296f42/reports/a2832627-0709-4ce8-b6af-ecb856ce6af0/overview
Verdict:
Malicious
Labled as:
BZC.PZQ.Boxter.928
Link:
https://www.hybrid-analysis.com/sample/1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1568271
Signature
AI detected suspicious sample
Antivirus detection for URL or domain
Connects to many ports of the same IP (likely port scanning)
Loading BitLocker PowerShell Module
Suspicious powershell command line found
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1568271 Sample: 4l5IFxl9t3.bat Startdate: 04/12/2024 Architecture: WINDOWS Score: 68 52 Antivirus detection for URL or domain 2->52 54 Connects to many ports of the same IP (likely port scanning) 2->54 56 Uses known network protocols on non-standard ports 2->56 58 AI detected suspicious sample 2->58 8 cmd.exe 1 2->8         started        11 msedge.exe 64 372 2->11         started        14 svchost.exe 1 2 2->14         started        process3 dnsIp4 60 Suspicious powershell command line found 8->60 16 powershell.exe 14 29 8->16         started        20 conhost.exe 8->20         started        42 192.168.2.10 unknown unknown 11->42 44 192.168.2.5, 18960, 443, 49634 unknown unknown 11->44 46 239.255.255.250 unknown Reserved 11->46 22 msedge.exe 11->22         started        24 msedge.exe 11->24         started        26 msedge.exe 11->26         started        28 msedge.exe 11->28         started        48 127.0.0.1 unknown unknown 14->48 signatures5 process6 dnsIp7 34 95.169.201.100, 18960, 49713, 49760 GOBULNETBG Bulgaria 16->34 50 Loading BitLocker PowerShell Module 16->50 30 msedge.exe 10 16->30         started        36 13.107.246.40, 443, 49889, 49894 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 22->36 38 b-0005.b-dc-msedge.net 13.107.9.158, 443, 49841, 49842 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 22->38 40 7 other IPs or domains 22->40 signatures8 process9 process10 32 msedge.exe 30->32         started       
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d2s4xhgvgiewbkvb6qa5wr4oa6trlaxxyyiljvegprnxmkobgv3a._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
discovery execution
Link:
https://tria.ge/reports/241204-qk3yca1qfp/
Behaviour
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Browser Information Discovery
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Rhadamanthys

Batch (bat) bat 1ea5cb9cd5320960aaa1f401db478e07a71582f7c610b4d4867c5b7629c13576

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3319808/
  
Delivery method
Distributed via web download

Comments