MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5071921cb1ca369fe8f7af522a00373c8c85e4357f7ea1879d2cb4ae791797d6. While MalwareBazaar tries to determine whether a submitted sample is malicious, there is no guarantee that a sample in MalwareBazaar is malicious; treat the vendor verdicts below as input to your own triage, not as a final classification.

Database Entry

Threat unknown
Vendor detections: 9

SHA256 hash: 5071921cb1ca369fe8f7af522a00373c8c85e4357f7ea1879d2cb4ae791797d6
SHA3-384 hash: aff0fa019316af352dba859d07fd0d731fbbdf415fdd6de05039361f4ad7a03d25ed4e28cc1c740f318bb2947f03a2e8
SHA1 hash: 649b251aae380d33fe2e0e979d86b1f783c8457e
MD5 hash: 39d6583973c4ea786604d3d561b3c41d
humanhash: louisiana-seventeen-zulu-mars
File name: install.ps1
Download: download sample
File size: 180 bytes
First seen: 2026-04-23 08:48:01 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 3:k8PiFUSXHPtp5/FERMQ+OX8PRzxAgWSJJHJFEiTyWNcGKIF7OJAJCKWqL3dAKCAT:kNhtWXuflEiTF9K4iqrCZ0Isn
TLSH: T10BC08055681EC5C43A5DB1DDE2D1A8D1C83705031511D8527FCBDCC55C4530D93123CE
Magika: powershell
Reporter: JAMESWT_WT
Tags: Google-Gemini ps1
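An added triage check, not part of the MalwareBazaar entry: before analysing a downloaded copy of install.ps1, confirm that the bytes on disk are the ones this entry describes by recomputing all four listed digests and the file size in one pass. A single mismatch means you are looking at something else (for example the ZIP container rather than its content, or a copy altered in transit). The local path, and the byte strings used to exercise the functions, are assumptions; the sample itself is not reproduced here.

```python
import hashlib
import sys
from pathlib import Path

# Digests and size copied from the MalwareBazaar entry above.
ENTRY = {
    "sha256": "5071921cb1ca369fe8f7af522a00373c8c85e4357f7ea1879d2cb4ae791797d6",
    "sha3_384": "aff0fa019316af352dba859d07fd0d731fbbdf415fdd6de05039361f4ad7a03d25ed4e28cc1c740f318bb2947f03a2e8",
    "sha1": "649b251aae380d33fe2e0e979d86b1f783c8457e",
    "md5": "39d6583973c4ea786604d3d561b3c41d",
}
ENTRY_SIZE = 180  # bytes, as listed on the entry


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the entry lists over the same bytes, in one pass.

    hashlib.new() accepts "sha3_384" alongside the classic names, so the
    algorithm set is driven by the ENTRY keys rather than hard-coded."""
    hashers = {name: hashlib.new(name) for name in ENTRY}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, entry: dict = ENTRY, size: int = ENTRY_SIZE) -> dict:
    """Compare candidate bytes against an entry and return a per-algorithm report.

    'verified' is True only if every digest and the size match; agreement on
    one weak digest (MD5) alone is never sufficient."""
    computed = hash_bytes(data)
    matches = {name: computed[name] == entry[name].lower() for name in entry}
    return {
        "size": len(data),
        "size_match": len(data) == size,
        "computed": computed,
        "matches": matches,
        "verified": all(matches.values()) and len(data) == size,
    }


def verify_file(path: str) -> dict:
    # Read raw bytes: opening a script as text would normalise line endings or
    # encoding and change the digest. Never execute the sample to inspect it.
    return verify_sample(Path(path).read_bytes())


if __name__ == "__main__":
    # Assumed local path to the extracted sample; override on the command line.
    report = verify_file(sys.argv[1] if len(sys.argv) > 1 else "install.ps1")
    for name, ok in report["matches"].items():
        print(f"{name:9} {'match' if ok else 'MISMATCH'}  {report['computed'][name]}")
    print(f"size      {'match' if report['size_match'] else 'MISMATCH'}  {report['size']} bytes")
    sys.exit(0 if report["verified"] else 1)
```

Run it against the extracted file and proceed only on exit status 0; a report of matching SHA256 but differing size or SHA3-384 should be treated as a tooling problem to resolve before any further analysis.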

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: IT
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 92.5%
Tags: shell agent sage

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: obfuscated powershell powershell

Verdict: Suspicious
Labeled as: UDS_Trojan_PowerShell_Agent_bdl

Verdict: Malicious
File Type: unix shell
First seen: 2026-04-22T10:05:00Z UTC
Last seen: 2026-04-24T16:44:00Z UTC
Hits: ~10
Detections: Trojan.PowerShell.Agent.bdl, NetTool.PowerShellUA.HTTP.C&C, NetTool.PowerShellGet.HTTP.C&C

Verdict: Malicious
Threat: NetTool.PowerShellUA.HTTP

Threat name: Script-PowerShell.Trojan.Malgent
Status: Malicious
First seen: 2026-04-21 21:53:27 UTC

File Type: Text (Batch)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 8/10
Tags: execution
Behaviour:
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Badlisted process makes network request

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments