MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b
SHA3-384 hash: 451048c308ac3dbf2b4957db88fa26c01f2550247b417e65f97dcdad50dfbd7a8ebccede9266532f0c28cb22850606c4
SHA1 hash: bc3336a7f952a177bcb173e19b3c29d6a32b08e1
MD5 hash: 2fe7fb5ff2679de37673997b96958d08
humanhash: oven-lactose-illinois-kansas
File name:rtn_info.ps1
Download: download sample
File size:2'045 bytes
First seen:2023-12-22 19:31:30 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 48:P998B7gbjVZIFvLrWEyq9BmjFpyY+Y2Rpjpq0:P9fjTcfWEyq9BmjFpyY+Y30
TLSH T1A1413134B2A76B6D04871C5FBCEBDEC4C24532B840D83C11A6C54960FAC356D9A717FA
Reporter SI_FalconTeam
Tags:amsi opendir ps1 sharphound


Avatar
SI_FalconTeam
Found in opendir @ 45.84.1[.]161:8081

Intelligence

File Origin
# of uploads :
1
# of downloads :
224
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Heur.BZC.PZQ.Boxter.121.F4C10FCB.11274.700.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
killav powershell
Link:
https://www.filescan.io/uploads/6585e433b855eb3693ee16bc/reports/9eec0a56-dd10-4043-bd69-90a8d34c9fab/overview
Verdict:
Malicious
Labled as:
BZC.PZQ.Boxter.81
Link:
https://www.hybrid-analysis.com/sample/763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b
Result
Verdict:
MALICIOUS
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.expl.evad
Score:
84 / 100
Link:
https://www.joesandbox.com/analysis/1366384
Signature
.NET source code contains potential unpacker
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Sigma detected: Dot net compiler compiles file from suspicious location
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Yara detected Powershell download and execute
Behaviour
Behavior Graph:
Download SVG
Score:
1%
Verdict:
Benign
File Type:
ASCII
Link:
https://malprob.io/report/763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=oy55ej5fv3267ggnnn4wjhfyon7yqrp4ykus42iqt4cczf26jjfq._file
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
n/a
Link:
https://tria.ge/reports/231222-x8x6bsdbdp/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Malware Config
Dropper Extraction:
https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.ps1
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

PowerShell (PS) ps1 763bd227a5aef5ef98cd6b79649cb8737f8845fcc2a92e69109f042c975e4a4b

(this sample)

  
X
https://twitter.com/SI_FalconTeam/status/1738217925616496923
  
Delivery method
Distributed via web download

Comments