MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b8b824f5aa773ebdec8a34a338f426a2e58b372ef1ed251c0f763e2f46cf7d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7



SHA256 hash: 6b8b824f5aa773ebdec8a34a338f426a2e58b372ef1ed251c0f763e2f46cf7d1
SHA3-384 hash: 47fc2bd548373d7a7c5308de2ff344c12652bbfeff9fcca1d640828142a8aeb16fcc118e59f2bda24118d93204c57693
SHA1 hash: 051b6490bb6ad19c43900453616dad3e65749e36
MD5 hash: 6f077e308d305f8808f6427b90c201d4
humanhash: fix-johnny-sierra-arizona
File name: av.ps1
File size: 147'775 bytes
First seen: 2022-12-07 08:00:29 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 3072:z8WyKSUPUa84zcTEJx5ieEzNe9tULHABX5u4qkkJtSVA0DEQSWlelYJd:z8WyKSUPUa84zcTEJx5ieEzNe9tUQXwE
Threatray: 18 similar samples on MalwareBazaar
TLSH: T11AE3F8F4A8D7ECC8F40F5C8065ACBD960D7139E3AAC80D24536C66049BE9E946F485DF
Reporter: JAMESWT_WT
Tags: 62-204-41-235 ps1

Intelligence


File Origin
# of uploads: 1
# of downloads: 190
Origin country: IT
Vendor Threat Intelligence

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: spre.evad
Score: 100 / 100
Signature
Antivirus detection for URL or domain
Injects a PE file into a foreign processes
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Sigma detected: Schedule script from internet via mshta
Snort IDS alert for network traffic
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Behaviour
Behavior Graph (ID 762426; sample av.ps1; start date 07/12/2022; architecture WINDOWS; score 100), process tree with per-node signatures:
  sample (Snort IDS alert for network traffic; Multi AV Scanner detection for domain / URL; Malicious sample detected (through community Yara rule); 3 other signatures)
    powershell.exe (Writes to foreign memory regions; Injects a PE file into a foreign processes)
      RegSvcs.exe (Uses schtasks.exe or at.exe to add and modify task schedules)
        schtasks.exe
          conhost.exe
      conhost.exe
    mshta.exe
      network: 62.204.41.235, ports 49720, 49722, 80 (TNNET-ASTNNetOyMainnetworkFI, United Kingdom)
      powershell.exe
        conhost.exe
Threat name: Win32.Dropper.Generic
Status: Suspicious
First seen: 2022-12-07 08:00:44 UTC
File Type: Text (PowerShell)
AV detection: 1 of 39 (2.56%)
Threat level: 3/5

Result
Malware family: n/a
Score: 6/10
Tags: persistence
Behaviour
Creates scheduled task(s)
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Suspicious use of SetThreadContext
Adds Run key to start application
Please note that we are no longer able to provide a coverage score for Virus Total.
