MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 4 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2
SHA3-384 hash: ac68915a978056e29d10758f8341461227ab408c1f95d45bb29faef3ac5821cabc9f47f7f36ce5b8fefed50753f0dd37
SHA1 hash: 0a7f3be0c96b635faa962ad3e76c3e04c9fad940
MD5 hash: 829d0c76c38d12b5c1152501237ce636
humanhash: tango-music-kilo-lion
File name:1SPhMAR17_Annnnnnn.py
Download: download sample
File size:142'880 bytes
First seen:2026-03-18 16:32:51 UTC
Last seen:Never
File type:
MIME type:text/x-script.python
ssdeep 3072:n+mwr5Onk5FL8lB4p/m71HexA0a7UkenRIWkB/5PavLE9j6sovjVFK:+mwdOnk/hO1zERNSP56xvjVFK
TLSH T13AD301E08E9F86C66539F121486AD941FEB4071B06A07854BF9CE1F61F352AA3077D3D
Magika python
Reporter JAMESWT_WT
Tags:py WsgiDAV

Intelligence

File Origin
# of uploads :
1
# of downloads :
16
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69bae3bc88c80c01586bb4c2
Tags:
ransomware virus
Gathering data
Verdict:
Malicious
Labled as:
Python/ShellcodeRunner.AC trojan
Link:
https://www.hybrid-analysis.com/sample/37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2
Verdict:
Malicious
File Type:
text
Link:
https://opentip.kaspersky.com/37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2/results?tab=lookup
Score:
96%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g7epxsztjg4njvuu35awyn4tqiipbvdyloawja4w5q3iedb7ewra._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260318-v9hqxshy7z/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/37c8fbcb3349b8d4d694df416c37938210f0d4785b81648396ec36820c3f25a2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_decoding
Create hunting rule
Author:iam-py-test
Description:Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)
Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments