MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124
SHA3-384 hash: b62f6765e106e91019b383ba4b24b20a7eae164874b044fecd904c1f3364420efbe98fbde516edd31c8bc97f18ccc138
SHA1 hash: 101fd17abb8a3f9a149586a119f407e7702a927e
MD5 hash: 00b4bcae46e5d359bce20904770c476b
humanhash: kansas-speaker-mirror-princess
File name:pol.bat
Download: download sample
File size:542 bytes
First seen:2026-04-09 05:56:30 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 6:hvk1SFdAxnpDTw0yyw0L2bhbOtlJH0i6gRHU8ZyXMJ2dCH5/EIA6+0EUl3QztnRV:pkAFdGDTFM0Uh6mgpZyKlq6+Ol3ORV
TLSH T1D0F00E11002F0120417A03AE0F441CE2F3936227240A24C43DCDA1D16BBF49907F23DD
Magika batch
Reporter abuse_ch
Tags:bat

Intelligence

File Origin
# of uploads :
1
# of downloads :
37
Origin country :
SE SE
Vendor Threat Intelligence
Malware configuration found for:
BatchScript
Details
BatchScript
varying reportable information from embedded commands and any observed URLs
Link:
https://research.acce.ciphertechsolutions.com/results/62a04303-335c-425e-9351-67ff727c48ab/
Malware family:
n/a
ID:
1
File name:
go.bat
Verdict:
Malicious activity
Analysis date:
2026-04-09 05:58:10 UTC
Tags:
auto-startup python crypto-regex pulsar rat
Link:
https://app.any.run/tasks/4bf000f3-b1ce-4795-b685-94c60d3a97db

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/60895/
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69d73fc36a61012f6ad0436c
Tags:
n/a
Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching cmd.exe command interpreter
Launching a process
Creating a file
DNS request
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124
Result
Gathering data
Verdict:
Clean
File Type:
cmd
Link:
https://opentip.kaspersky.com/5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124/results?tab=lookup
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1895670
Behaviour
Behavior Graph:
n/a
Score:
2%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=l5kbh5puxqemfv7mzh7pdasf5mxr6prxrj3xqmgdmexp32e7sesa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
defense_evasion
Link:
https://tria.ge/reports/260409-gnpepaax2m/
Behaviour
Delays execution with timeout.exe
Suspicious use of WriteProcessMemory
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.45
Link:
https://yomi.yoroi.company/submissions/5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Batch (bat) bat 5f5413f5f4bc08c2d7ecc9fef18245eb2f1f3e378a777830c3612efde89f9124

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3814706/
  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/60895/

Comments