MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266
SHA3-384 hash: 3fe062ef7cb673e4ed26deccd803f6c45766d857cd2fc6b44dbd5f9aef0c811778b1b1ce4e3746673a20f1f6dcb7a6e3
SHA1 hash: 83a9b0eba73c86af8431ef7844611c6adc097659
MD5 hash: 9c6c01f60725e63ad7b989186e06b588
humanhash: jersey-lion-washington-bluebird
File name:ps.ps1
Download: download sample
File size:1'618 bytes
First seen:2026-04-15 06:29:32 UTC
Last seen:2026-04-15 06:30:19 UTC
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 48:lSdEC+eKIeea05F/yDRTSpRVavH6CVee8F8qint:lt9R4MuHVwH6CVe9w
TLSH T14931AA6315BA05BFDADE30B3D0D24601D4C26EAC40266710F4F8677E454000F6D97DF5
Magika powershell
Reporter JAMESWT_WT
Tags:Dienstangebot-Klement ps1

Intelligence

File Origin
# of uploads :
2
# of downloads :
49
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69df305cf68adfe10039f500
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/69df30505ea31bc68a2bfb58/reports/35d20304-464f-44de-a1fd-126cdbfcf8f9/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266
Verdict:
Clean
File Type:
ps1
Link:
https://opentip.kaspersky.com/1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266/results?tab=lookup
Score:
79%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=d25dlspaejdllgxn2tu3qixcjbomywj37zt6w4knbswaxqel2jta._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Link:
https://tria.ge/reports/260415-g897wsgs2m/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/1eba35c9e02246b59aedd4e9b822e2485ccc593bfe67eb714d0cac0bc08bd266

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments