MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e
SHA3-384 hash:	6af901f683df05bb7e45207fb3bde72aa07bee86de387e40ab64a54fd844d929087f827bd127640f5b7d81be7e77f292
SHA1 hash:	82719f73ac5760ede94860af2fb8c5fa179c45d7
MD5 hash:	a73e1489f6c9a4678f5338499e16e9e0
humanhash:	purple-eleven-oranges-ohio
File name:	mix2pgYCDbF4pdNYtz.ps1
Download:	download sample
Signature	NetSupport Alert Create hunting rule
File size:	1'818'872 bytes
First seen:	2025-10-06 19:00:16 UTC
Last seen:	2025-10-11 10:36:29 UTC
File type:	ps1
MIME type:	text/plain
ssdeep	3072:/u5dqRTdoAlkwu2Xbhl3owhmp0twnpVAXf09p9uWXdut7+RVpxRt3j3oKKCf0hIg:hr
TLSH	T1CC854B606EC64BC0297C47D269E36468CBDA69BBB6CA3C59128D4515304BFE0F1F4CBB
Magika	powershell
Reporter	aachum
Tags:	congenialespresso-top dropped-by-ACRStealer NetSupport ps1

iamaachum

http://87.120.219.186/mix2pgYCDbF4pdNYtz.ps1

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

161

Origin country :

ES

Vendor Threat Intelligence

CyberFortress Malicious

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68e41204277c2bd8bc5d074e

Tags:

spawn sage

FileScan.IO Likely Malicious

Verdict:

Likely Malicious

Threat level:

  7.5/10

Confidence:

100%

Tags:

anti-debug anti-vm anti-vm base64 cmd control cscript dropper evasive evasive exploit explorer fingerprint fingerprint hh keylogger lolbin net obfuscated overlay wscript

Link:

https://www.filescan.io/uploads/68e411fac74bd2958b160dfc/reports/b75f03b5-695e-420e-81ce-3acea154bb95/overview

Hybrid Analysis Unknown

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e

Kaspersky OpenTIP Unknown

Verdict:

Unknown

File Type:

ps1

First seen:

2025-10-05T20:30:00Z UTC

Last seen:

2025-10-08T03:25:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e/results?tab=lookup

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1790101

Signature

AI detected malicious Powershell script

Found suspicious powershell code related to unpacking or dynamic code loading

Joe Sandbox ML detected suspicious sample

Yara detected Powershell download and execute

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e

Malva.RE

Gathering data

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e/

Neiki Clean

Verdict:

Clean

Link:

https://tip.neiki.dev/file/36a1b5b69da9554133d2ee575c50620b45bd7cb50a550cc4c6073d324ea4981e

ReversingLabs TitaniumCloud Script-PowerShell.Trojan.Heuristic

Threat name:

Script-PowerShell.Trojan.Heuristic

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-10-06 00:42:36 UTC

File Type:

Text

AV detection:

5 of 24 (20.83%)

Threat level:

  2/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=g2q3lnu5vfkucm6s5zlvyudcbnc327fvbjkqzrgga46tetvetapa._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

execution

Link:

https://tria.ge/reports/251006-xn8rbstygw/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Command and Scripting Interpreter: PowerShell

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.