MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SalatStealer


Vendor detections: 12


Intelligence 12 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271
SHA3-384 hash: 48d053255e6ba5bc6b3ca46fa2472ea30ff81b749b8120a369ab737d1ee0bba67eb14a1aa84fcfdbd2cfa62d84f32a8a
SHA1 hash: f3cf86fa2dbd488b9c8910e91718151de1fbe0d7
MD5 hash: fed2454b6ea71dd261474e64db4a9a56
humanhash: hawaii-wolfram-july-juliet
File name:aywbbg.bat
Download: download sample
Signature SalatStealer
Create hunting rule
File size:21'261 bytes
First seen:2026-02-28 08:25:29 UTC
Last seen:Never
File type:Batch (bat) bat
MIME type:text/plain
ssdeep 384:+3OSE6tSpbkzZfzrGIXf/dJ0zbYiAc96NAYNLObAS+SesCEzt:+3OSELZktBfFybSo6NDLO1vesb5
Threatray 952 similar samples on MalwareBazaar
TLSH T13DA206A977B608BB2007E3D685D7553DEF2F1A832D22E9FC69C5B2C1CB066521D03366
Magika batch
Reporter JAMESWT_WT
Tags:bat jerrymac2008-duckdns-org SalatStealer Spam-ITA

Intelligence

File Origin
# of uploads :
1
# of downloads :
65
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Malware family:
xmrig
Create hunting rule
ID:
1
File name:
comprovativo de pagamento.js
Verdict:
Malicious activity
Analysis date:
2026-02-28 08:15:29 UTC
Tags:
susp-powershell salatstealer stealer xworm ms-smartcard golang upx xmrig miner winring0-sys vuln-driver netreactor crypto-regex ims-api generic xor-url
Link:
https://app.any.run/tasks/818529b6-40a9-4347-87ad-ae9ee3225207

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/54973/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a2a6a8c950ab5d9ab26bd9
Tags:
shell crypt sage
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
base64 net obfuscated powershell
Link:
https://www.filescan.io/uploads/69a2a6a39eaae846594095b0/reports/1369500d-ffb4-474e-b18b-c1c6942760fd/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271
Verdict:
Malicious
File Type:
unix shell
Detections:
PDM:Trojan.Win32.Generic
Link:
https://opentip.kaspersky.com/60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=maiyxjqsisandqulhuyphafkmqbqigf2c52oqq37tt5ol2qzcjyq._file
Verdict:
malicious
Label(s):
salatstealer
Create hunting rule
Similar samples:
50e4b1376739ee9a3660c9ddb63fe070eec750a6ee1b1d9d82f68d1e6168af59
SalatStealer
7b9e8f8db44e8681765aed67147fd9660de641e9ee7b99b49c3f6a2024fe5795
SalatStealer
8a116e67de1378ff68529774ec5bb984c41de823080256ae4d679bf28c398c8d
SalatStealer
9b21cf772c011513630d2c5c43bdc3a7e1e497f410216b9afbf3ad396f38df33
SalatStealer
a367c39c8c54610d2be9699885589bb3b553d4770b77d00e0a8089ee47e3a9bb
SalatStealer
d1cf2bed3134dcfa6cc837d263f99ab2743d7b770f801be92b172f441b6e0ae5
SalatStealer
eb912f9bb9d6a6aa2d145c982cc1e8c33245b735d993849c034fe6bf409b4f08
SalatStealer
error
SalatStealer
fdc247689570055e117be90bb8d8ff47811e414c9ebf52d43fa0bce6f27efd86
SalatStealer
fdc4fdaa72a75855b6fa41d76b931f9fc9a9c076df6108e1248a778a1015e91f
SalatStealer
+ 942 additional samples on MalwareBazaar
Result
Malware family:
salatstealer
Create hunting rule
Score:
  10/10
Tags:
family:salatstealer credential_access defense_evasion discovery execution persistence spyware stealer trojan upx
Link:
https://tria.ge/reports/260228-kbypdaez9e/
Behaviour
Modifies data under HKEY_USERS
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Drops file in System32 directory
Suspicious use of SetThreadContext
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Power Settings
Creates new service(s)
Executes dropped EXE
Reads user/profile data of web browsers
Stops running service(s)
Unsecured Credentials: Credentials In Files
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Detect SalatStealer payload
Salatstealer family
UAC bypass
salatstealer
Malware family:
SalatStealer
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/60118ba61244/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/54973/

Comments