MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71abc3b4eecc13782bc40c8d6146682818692f0f192b82c80bcb61c0b4691a2a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71abc3b4eecc13782bc40c8d6146682818692f0f192b82c80bcb61c0b4691a2a
SHA3-384 hash: e3d5fdfbf321d030a8e2ca9cdcb71a1e23195257c3fd4d8cad1966835b7e328e5fe3ca0ad1da387d1ae53cf45285ffd0
SHA1 hash: a505fa666a56b827aa39bb80791655581290e63f
MD5 hash: f97aefe3c6dbb6f7796a4b73374fec46
humanhash: two-arkansas-cold-mirror
File name:92.255.57_1.112.ps1
Download: download sample
File size:526'208 bytes
First seen:2025-01-17 07:32:03 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 12288:eFwowo0VN2VOhllXKS2Utye+jF2RZQcqNStpIOe0Ti0dBmEv/:2S37hloSTtKF2RZQHGuvk
TLSH T16DB401731617FC8F67AF1F89E9003B952C7C943B6B1C4058F9C90BA990EA520DE6AD74
Magika powershell
Reporter JAMESWT_WT
Tags:92-255-57-112 booking ps1

Intelligence

File Origin
# of uploads :
1
# of downloads :
107
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PowerShell.Obfus-9.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
81.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=678a07754487910100dfba00
Tags:
virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
confuserex evasive lolbin net obfuscated regsvcs
Link:
https://www.filescan.io/uploads/678a07aeb8fb56a392b97e1c/reports/0c840038-5fb1-49ff-9029-a5f27e2b2ad9/overview
Verdict:
Malicious
Labled as:
Trojan[Dropper]/Agent.a
Link:
https://www.hybrid-analysis.com/sample/71abc3b4eecc13782bc40c8d6146682818692f0f192b82c80bcb61c0b4691a2a
Result
Verdict:
UNKNOWN
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1593448
Signature
AI detected suspicious sample
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1593448 Sample: 92.255.57_1.112.ps1 Startdate: 17/01/2025 Architecture: WINDOWS Score: 52 10 Multi AV Scanner detection for submitted file 2->10 12 AI detected suspicious sample 2->12 6 powershell.exe 21 2->6         started        process3 process4 8 conhost.exe 6->8         started       
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/71abc3b4eecc13782bc40c8d6146682818692f0f192b82c80bcb61c0b4691a2a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71abc3b4eecc13782bc40c8d6146682818692f0f192b82c80bcb61c0b4691a2a/
Threat name:
Script-PowerShell.Downloader.LummaStealer
Create hunting rule
Status:
Malicious
First seen:
2025-01-17 07:30:21 UTC
File Type:
Text (PowerShell)
AV detection:
9 of 24 (37.50%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ogv4hnhozqjxqk6ebsgwcrtifamgslypdevyfsalznq4bndjdiva._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Link:
https://tria.ge/reports/250117-jdhkhaxmgq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PowerShell (PS) ps1 71abc3b4eecc13782bc40c8d6146682818692f0f192b82c80bcb61c0b4691a2a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3399029/
  
Delivery method
Distributed via web download

Comments