MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48d597a1c5fa6751b1a3a48922ed15ba5e9ac615de88e53b68057e3ff9dd2acb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48d597a1c5fa6751b1a3a48922ed15ba5e9ac615de88e53b68057e3ff9dd2acb
SHA3-384 hash: 8a7a5a137402d0797da7cdae8c47947ffb3d71f53e741b4bab80d61f97675ffb8a9f3140672401234bc52a6f4b24487c
SHA1 hash: 051e3385f0392f9fb1cfa2ae04f39bf8fbb7314b
MD5 hash: 50b5ab781213f9feed098dc698856ef8
humanhash: ohio-hotel-november-utah
File name:sample.bat
Download: download sample
File size:29'409 bytes
First seen:2021-05-18 07:14:26 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 768:hodwCxmV3A9zj1J3VZSrly0CRAKjfntyr:d+m0f3KlaRAKjf8r
TLSH 9FD2077EEC222EC305913DD848041E65ECE98CEF1F50F65A9448F4FA64D6E989CF6D22
Reporter xme
Tags:sansisc

Intelligence

File Origin
# of uploads :
1
# of downloads :
215
Origin country :
n/a
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
sample.bat
Verdict:
No threats detected
Analysis date:
2021-05-18 07:50:28 UTC
Tags:
n/a
Link:
https://app.any.run/tasks/7344d4ac-383e-4fe9-b395-ef074385ac76

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection(s):
SecuriteInfo.com.Trojan.Agent.FHEJ.29619.2534.UNOFFICIAL
Create hunting rule

Result
Verdict:
MALICIOUS
Details
Base64 Encoded Powershell Directives
Detected one or more base64 encoded Powershell directives.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Result
Threat name:
Unknown
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/784273
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 416667 Sample: sample.bat Startdate: 18/05/2021 Architecture: WINDOWS Score: 48 10 Multi AV Scanner detection for submitted file 2->10 6 cmd.exe 1 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48d597a1c5fa6751b1a3a48922ed15ba5e9ac615de88e53b68057e3ff9dd2acb/
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2021-05-11 12:58:00 UTC
AV detection:
3 of 29 (10.34%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/210602-pzc7gm74z6/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments