MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c
SHA3-384 hash: 623cc3f6a4e2fbed5684d80cd7642fb7889c4315fdf04b989ce39e493d4fff258d93162a6f6d6be1ad83ef123179ff8c
SHA1 hash: 67e100080dfe6aa2aa82fef931ba12e2702104a6
MD5 hash: 3dadbc2ea0e8abb7ac1332c0ce767290
humanhash: grey-white-social-violet
File name:62.122.184.98.ps1
Download: download sample
File size:123'448 bytes
First seen:2025-01-14 16:59:17 UTC
Last seen:2025-01-17 08:11:59 UTC
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 3072:U2sz0orzAOok9Y3sOGnuerPkwo67g3Lk7pyFV50GuGdtqphBddqyIFr2JdyPrnx/:U2s1zAOok9Y3sOGnuerPkwo67g3Lk7pU
TLSH T1FAC32A711207BCCE97BF2F89E8843AA11C9C5077AB548598FDC906B952AF5208F7CDB4
Magika powershell
Reporter JAMESWT_WT
Tags:62-122-184-98 booking ps1

Intelligence

File Origin
# of uploads :
2
# of downloads :
94
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PowerShell.Obfus-9.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=678698184487910100def894
Tags:
virus shell sage
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
confuserex fingerprint ipconfig net obfuscated strelastealer
Link:
https://www.filescan.io/uploads/6786981d715c839cc31a89fe/reports/3ac29991-1174-4da5-a407-89510d4d41ff/overview
Verdict:
Malicious
Labled as:
Trojan.Generic
Link:
https://www.hybrid-analysis.com/sample/2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c
Result
Verdict:
MALICIOUS
Details
Base64 Encoded Powershell Directives
Detected one or more base64 encoded Powershell directives.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1591129
Signature
AI detected suspicious sample
Injects a PE file into a foreign processes
Multi AV Scanner detection for submitted file
Uses ipconfig to lookup or modify the Windows network settings
Writes to foreign memory regions
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c/
Threat name:
Script-PowerShell.Trojan.LummaC
Create hunting rule
Status:
Malicious
First seen:
2024-12-25 01:54:10 UTC
File Type:
Text (PowerShell)
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fmgy2qpuv5c2hcgmobtxiy5acdtr4mnfxjv2vwxgrkbqarkyifoa._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery execution persistence
Link:
https://tria.ge/reports/250114-vhzkcswjdq/
Behaviour
Gathers network information
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
System Location Discovery: System Language Discovery
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PowerShell (PS) ps1 2b0d8d41f4af45a388cc70677463a010e71e31a5ba6baadae68a83004558415c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3400377/
  
Delivery method
Distributed via web download

Comments