MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59186b9ea2efaf72bd19d8f2583985499796a68e4d0945a51559621c79beff13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 8

SHA256 hash: 59186b9ea2efaf72bd19d8f2583985499796a68e4d0945a51559621c79beff13
SHA3-384 hash: f227c5f85e6f8fa68033f24ec970aeeb00959eb017bbd8f7a3dc0894e7d70beecad7524e9585ec213014412552ee33ed
SHA1 hash: 30aaee80f11a3a99f25d7f95786cf5948befbacf
MD5 hash: ac16f36d35e8cf75ff3dd6492e0c9b34
humanhash: ceiling-cat-mississippi-bluebird
File name: suspicious.txt.bat
File size: 82 bytes
First seen: 2025-03-31 10:06:27 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/plain
ssdeep: 3:rNo+QRAdVLWQmYcKKKlTREu4SLXRFLw1n:ZovMWHYc3Kln4Sjc
TLSH: T16DA01220125C58105C0091462D1642E6822304D037100219C064D8403828687701F444
Magika: batch
Reporter: zhuzhu0009
Tags: bat

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: JP
Vendor Threat Intelligence

Malware family: n/a
ID: 1
File name: suspicious.txt
Verdict: Malicious activity
Analysis date: 2025-03-31 09:31:58 UTC
Tags: cve-2017-0199 exploit pua adware
Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict: Malicious
Score: 90.2%
Tags: driverpack phishing

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: lolbin masquerade mshta

Result
Threat name: n/a
Detection: suspicious
Classification: evad
Score: 22 / 100
Signature: Uses an obfuscated file name to hide its real file extension (double extension)
Behaviour
Behavior Graph (ID 1652712; sample suspicious.txt.bat; start date 31/03/2025; architecture WINDOWS; score 22): cmd.exe starts mshta.exe and conhost.exe; mshta.exe resolves and connects to update.drp.su (37.9.8.75, port 80, SELECTELRU, Russian Federation). Signature: uses an obfuscated file name to hide its real file extension (double extension).

Result
Malware family: n/a
Score: 10/10
Tags: n/a
Behaviour
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Malware Config
Dropper Extraction: http://update.drp.su/nps/offline/bin/tools/run.hta
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments