MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


KongTuke


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f
SHA3-384 hash: ffaf857726208429171ab849f2eab338071e2d048fe676f2ed3071077d34b5a9e0039f2ba893111c6573fa180698bbf2
SHA1 hash: 00082c59a56f0298326ef97d51c78ca2af57bbc3
MD5 hash: 2dbec10c15d535bcf896a524a545d1f8
humanhash: speaker-kansas-alpha-kitten
File name:clients
Download: download sample
Signature KongTuke
Create hunting rule
File size:5'490'167 bytes
First seen:2026-03-17 13:11:16 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 12288:CVbksmGlyIm5kN19qgfNPePIPqPvPpPvJPvQPvhPvKPvUPvT6:y6
TLSH T1C346079AF68407F89584AACC430B35DE63A5813B6EB7204995D2851F3C2EF237A35D7C
Magika powershell
Reporter monitorsg
Tags:Kongtuke ps1


Avatar
monitorsg
hXXps://flatheadcat[.]com/7s99.js --> hXXps://FlatheadCat[.]com/js.php (ClickFix) --> hXXps://obmlink[.]com/clients (Powershell)

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
US US
Vendor Threat Intelligence
No detections
Detection(s):
Win.Downloader.Emmenhtal-10044033-0
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b9586688c80c01586b2071
Tags:
obfuscate phishing xtreme shell
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
powershell
Link:
https://www.filescan.io/uploads/69b958622000fc76c3e59e9f/reports/5b19c45b-28ba-41b3-89b8-1a5ead4a73a0/overview
Verdict:
Malicious
Labled as:
TrojanDownloader/PS.Obfuscator
Link:
https://www.hybrid-analysis.com/sample/43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f
Verdict:
Clean
File Type:
text
Link:
https://opentip.kaspersky.com/43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f/
Verdict:
Susipicious
Link:
https://tip.neiki.dev/file/43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=imdtztd7uvpocc5ecpnezjxxct3g7ayflsksz7xayukbbicr5rhq._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
defense_evasion execution
Link:
https://tria.ge/reports/260317-qva1badv41/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
Obfuscated Files or Information: Command Obfuscation
Badlisted process makes network request
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

KongTuke

PowerShell (PS) ps1 43073ccc7fa55ee10ba413da4ca6f714f66f83055c952cfee0c51410a051ec4f

(this sample)

  
Link
https://infosec.exchange/@monitorsg/116244681326734878
  
Delivery method
Distributed via web download

Comments