MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c
SHA3-384 hash:	7a057f2a51b537e6aa8ecd04ba5988b65e9d77f5b858ccf41d000b45c79040a09a69a861443bb220282906c352966adc
SHA1 hash:	ec8ad626195e1ea40e23974ba45be0cabb537387
MD5 hash:	07965f3dd8fdbe52dd27ba62678cb710
humanhash:	magazine-massachusetts-november-colorado
File name:	urlid.ps1
Download:	download sample
File size:	22'746 bytes
First seen:	2025-09-10 09:42:52 UTC
Last seen:	2025-09-10 17:33:50 UTC
File type:	ps1
MIME type:	text/plain
ssdeep	384:tozZVQZSsaJxcZc22H9ccaSkkYyH2+as2k0gko0F8gYlhdfPghXPNwQvnxhZK:tKQAtxcD2dcNSkFyHzjH0gkVF8guhdfv
Threatray	340 similar samples on MalwareBazaar
TLSH	T12DA2D00FE0CBCFA30E3044F48972BB65E18A9D40A6BBCDC9F9893157F15E294747A189
Magika	autoit
Reporter	pr0xylife
Tags:	ps1

Intelligence

File Origin

# of uploads :

2

# of downloads :

50

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68c1484e6e66ba602d79ccd9

Tags:

trojan agent shell

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

obfuscated

Link:

https://www.filescan.io/uploads/68c1484ecfa59bfdc7f741f1/reports/c31afee2-1bc5-4a7b-b9e3-18589345f5cc/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c

Verdict:

Malicious

File Type:

ps1

First seen:

2025-09-10T00:10:00Z UTC

Last seen:

2025-09-10T00:10:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.Agent.HTTP.C&C Trojan.Win64.SBEscape.adq PDM:Trojan.Win32.Generic NetTool.PowerShellGet.HTTP.C&C NetTool.PowerShellUA.HTTP.C&C

Link:

https://opentip.kaspersky.com/629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c/results?tab=lookup

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c

Gathering data

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c/

Verdict:

Malicious

Threat:

NetTool.Win64.HTTP

Link:

https://tip.neiki.dev/file/629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2025-09-10 03:47:34 UTC

File Type:

Text

AV detection:

6 of 37 (16.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=mkodetbxvrrqoezxh2huk46f4cms4cry7gy6bmx4nzxxcnpm4ooa._file

Verdict:

malicious

Label(s):

rhadamanthys

Similar samples:

1936ccd7cc0f18a24224533eab9a88c37130495143dc5599542cc4607650352b

1c550627d02d46e25498d8191e5758f57c55a6c78371dc2005cdb31cdcf20064

49384d1b446055cb7893bfc2ecd48a2ac2c3c1ebba90cd1355447017fc35ddd7

a041bcb340cdfd50bea3d8ed47ca29365c8c4d8235ac93112023e57ab723d4cc

b4fd170f2d56421678f4743cba758fb69779b4bfd0f77202dbfc760d8ed1c8e5

d0be3d57938b0b103ac6b128aef12dabd74f0205ae0bef81792ef348b4d97152

e06cea49c482dd0ddc55cab8fdf5a042540db352139475a8019768481ef152af

eda24d00ccb349b411c67f24d53a9499d890a4467184be6d8b7014d1612feb38

fa26f2383a891ebe64d23f64448c9e5ede3470bb6e6fbf93dbf1c849186fb44b

fe7ba9fdcc449190123cc2c60ef77c04912c442a3c15ef2b88d26fe41c18c6a8

+ 330 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/250910-lp71msx1dx/

Behaviour

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Command and Scripting Interpreter: PowerShell

Executes dropped EXE

Badlisted process makes network request

Downloads MZ/PE file

Suspicious use of NtCreateUserProcessOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

ps1 629c324c37ac630713373e8f4573c5e0992e0a38f9b1e0b2fc6e6f7135ece39c

(this sample)

exe 41b402ff6d432fcff5fb710bfb271bdf8d7838eaad5d7f35aac354036b40f18b

Dropping

SHA256 41b402ff6d432fcff5fb710bfb271bdf8d7838eaad5d7f35aac354036b40f18b

Dropping

MD5 2295f3ac6f257d58be859d220f4dfaca

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample