MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2bcd5702a7565952c44075ac6fb946c7780526640d1264f692c7664c02c68465. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 2bcd5702a7565952c44075ac6fb946c7780526640d1264f692c7664c02c68465
SHA3-384 hash: c9f4a2127cc483e1f26118fe1addbf340b586118da524235256968fb750d51998d10f827784f4198200fe2483368ea3f
SHA1 hash: b8fc0194f6ed56e4a57c16756e506369c74c4078
MD5 hash: 0f1290d014dfd9e66bbbed96a828f7d1
humanhash: floor-artist-potato-harry
File name: shadowGuru.bat
File size: 13'745 bytes
First seen: 2022-09-20 08:19:22 UTC
Last seen: 2022-10-18 06:51:51 UTC
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 192:b8LSpGIVPU0QuM13NWon2PVtlT8q/qw6wqYry:AsG7R4fg
TLSH: T153526D017BB64132F170B301EB1FC97B1BBB9FAB3091930555E6740495BF90BA8BA1DA
Reporter: JAMESWT_WT
Tags: bat

Intelligence


File Origin
# of uploads: 5
# of downloads: 146
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: shadowGuru.bat
Verdict: Malicious activity
Analysis date: 2022-09-20 08:20:37 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Launching the process to interact with network services
Launching a process
Sending a custom TCP request
Changing Windows critical settings
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: fingerprint
Result
Verdict: MALICIOUS
Result
Threat name: Unknown
Detection: malicious
Classification: spyw
Score: 56 / 100
Signature
Gathers information about network shares
Multi AV Scanner detection for submitted file
Uses cmd line tools excessively to alter registry or file data
Behaviour
Behavior Graph: ID 706286; Sample: shadowGuru.bat; Startdate: 20/09/2022; Architecture: WINDOWS; Score: 56. The graph shows cmd.exe starting net.exe instances and 26 other processes, which in turn start net1.exe instances.
Threat name: Script-BAT.Trojan.Heuristic
Status: Malicious
First seen: 2021-07-20 19:20:00 UTC
File Type: Text (Batch)
AV detection: 6 of 26 (23.08%)
Threat level: 2/5
Result
Malware family: n/a
Score: 6/10
Tags: n/a
Behaviour
Runs net.exe
Suspicious use of WriteProcessMemory
Checks for any installed AV software in registry
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
