MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c
SHA3-384 hash: 20371b6e89d4e9c62ca185b993eb08866820eb4e1d8f452f6fd2c0a0676b4e2bcdcf5d7c40deef9f4e54cee986925f03
SHA1 hash: af4bb08d4ff8b2ebc5a7ec2e7e4a007d7db1157c
MD5 hash: ea33845f09eada590acd62460a32c110
humanhash: colorado-wisconsin-nuts-johnny
File name:2cmd.cmd
Download: download sample
File size:266 bytes
First seen:2026-03-17 11:17:19 UTC
Last seen:Never
File type:cmd cmd
MIME type:text/plain
ssdeep 6:pFvFtOurFgL2dfpYHJbfmCw2dfpYHtIL2dfpYkogAxj1jcgR+ljzn:LFtO2FP4N3YMnaz
TLSH T161D02B9E91173522A55BF819723C43565EC04000FC4C5FA0CCA448740357D9024462F7
Magika batch
Reporter JAMESWT_WT
Tags:46-62-197-232 cmd

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
IT IT
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Score:
90.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69b9387988c80c01586b17ca
Tags:
shell sage blic
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
lolbin msiexec opendir soft-404
Link:
https://www.filescan.io/uploads/69b938774ec2f522cc4c5cf9/reports/2cf50d67-2f41-4850-859a-cc2b18a79df2/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c
Verdict:
Clean
File Type:
text
Link:
https://opentip.kaspersky.com/806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c/results?tab=lookup
Score:
34%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qbv33nklyq2xgyeadohkhnvahcn7s4pysmjubc6tqwju3vbvhy6a._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
backdoor defense_evasion discovery execution persistence privilege_escalation ransomware rat spyware trojan
Link:
https://tria.ge/reports/260317-nedp6ahv4m/
Behaviour
Checks SCSI registry key(s)
Checks processor information in registry
Delays execution with timeout.exe
Modifies data under HKEY_USERS
Modifies registry class
Modifies system certificate store
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Command and Scripting Interpreter: PowerShell
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Checks system information in the registry
Drops file in System32 directory
Badlisted process makes network request
Checks installed software on the system
Enumerates connected drives
Checks BIOS information in registry
Detects GoToResolve remote administration tool
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Loads dropped DLL
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/806bbdb54bc4357360801b8ea3b6a0389bf971f89313408bd385934dd4353e3c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments