MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534
SHA3-384 hash:	33dc97c0445c1a6eb6a0b3188bcf234d7a8f078575fb52cbb4584cc467d72d869983ba9412628051fe70c401a0347f26
SHA1 hash:	b4d8fa03cbf06223937e5f127337859fef8a6892
MD5 hash:	05a5ffd183d999cc5c4a43e963840119
humanhash:	queen-triple-colorado-oxygen
File name:	ps.ps1
Download:	download sample
File size:	101 bytes
First seen:	2026-03-31 16:17:29 UTC
Last seen:	Never
File type:	ps1
MIME type:	text/plain
ssdeep	3:VSJJFISnMcXR/JJNLNNQXLzEfOWM4uYd47ATyyN1shwdn:s8SMOBd+qV/q7ATVm8n
TLSH	T134B01233C0E496EEBF5FC82984151C9839000244C3148BE132C062892C4CC89C32145C
Magika	txt
Reporter	JAMESWT_WT
Tags:	booking ClickFix FakeCaptcha gaowvdoxh-com ps1

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Detection(s):

SecuriteInfo.com.PUA.IA.Suspicious.68399923.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69cbf3c86363ca5d27f03fc4

Tags:

n/a

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

obfuscated powershell

Link:

https://www.filescan.io/uploads/69cbf3c6972c219c8d739ac7/reports/b82d3084-355e-4015-86a8-f119d086fa5a/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534

Verdict:

Malicious

File Type:

ps1

First seen:

2026-04-01T08:29:00Z UTC

Last seen:

2026-04-01T14:41:00Z UTC

Hits:

~100

Detections:

Trojan-Downloader.Win32.Agent.a Trojan-Downloader.Agent.HTTP.C&C NetTool.PowerShellGet.HTTP.C&C NetTool.PowerShellUA.HTTP.C&C

Link:

https://opentip.kaspersky.com/4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534/results?tab=lookup

Score:

40%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534

Threat name:

Script-PowerShell.Trojan.Malgent

Status:

Malicious

First seen:

2026-03-31 16:18:17 UTC

File Type:

Text (Batch)

AV detection:

1 of 24 (4.17%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jlsbtfuq7sbxqatr67i62l3ccs7a64ehdtmutye6st5kbohtqu2a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

execution

Link:

https://tria.ge/reports/260331-tr2kmsbz3n/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Malware family:

NetSupport

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/_mb/4ae4199690fc/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4ae4199690fc83780271f7d1ed2f6214be0f70871cd949e09e94faa0b8f38534

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample