MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f3aa9362d72e806490a8abce245331030d1ab5ac77e400dd475748236a6cc81. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 6f3aa9362d72e806490a8abce245331030d1ab5ac77e400dd475748236a6cc81
SHA3-384 hash: f01a24621103e1b93443f0fc0ee8fcea385168d3ac6adce5dbe30c09d6fa085a4943bbee346c3fa5098a6dfa1ccf9cf0
SHA1 hash: c5228718602f8961c39ae9c88e187bcf75735716
MD5 hash: 5f9871f15aa65ca6f3c284c8d100dced
humanhash: lithium-washington-two-mike
File name: 1.bat
File size: 1'881 bytes
First seen: 2022-08-05 16:21:09 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 48:h2jQaSUtiHtyDHtGHt9g4F+gGpQ+gu+gOFj6:wjn5tutgtStijRae
TLSH: T181418B104AB14330D7D5A810AA86F405EBB672567CE3A72011CFB04D8197BDE857EAEE
Reporter: 1ZRR4H
Tags: bat, Disabler

Intelligence


File Origin
# of uploads: 1
# of downloads: 357
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 60 / 100
Signature
Creates an undocumented autostart registry key
Disables UAC (registry)
Multi AV Scanner detection for submitted file
Uses cmd line tools excessively to alter registry or file data
Behaviour
Behavior Graph:
[Behavior graph, ID 679848. Sample: 1.bat. Start date: 06/08/2022. Architecture: WINDOWS. Score: 60. Graph-level signature: Multi AV Scanner detection for submitted file. Started processes: cmd.exe, tsusbhub.sys, rdpdr.sys, rdpvideominiport.sys. cmd.exe (signature: Uses cmd line tools excessively to alter registry or file data) started reg.exe (signature: Disables UAC (registry)), reg.exe (signature: Creates an undocumented autostart registry key), conhost.exe and 7 other processes.]
Threat name: Script-BAT.Trojan.Disabler
Status: Malicious
First seen: 2022-07-26 17:15:38 UTC
File Type: Text (Batch)
AV detection: 7 of 38 (18.42%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments