MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c07585a340f3f62f26acee61a59ea54048d809759f8f2d533fe44c049c1d4bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 8c07585a340f3f62f26acee61a59ea54048d809759f8f2d533fe44c049c1d4bf
SHA3-384 hash: 110c00db2877dabf7d3c817b99c2b41acda6ae5f35327f1d8639dfb6ba54d8100db55820c88d65c075ea3f7cdcc32723
SHA1 hash: e5abb5ea7082dff8f96e99c93ae1d70d6159831a
MD5 hash: 69c27b541ab1231067153d2abf021558
humanhash: violet-fourteen-blue-oxygen
File name: sweet.ps1
File size: 327'692 bytes
First seen: 2025-04-11 04:14:57 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 6144:xKfCV6zJ3s6iUffbX4dcZ1xTNcLYW3v87yINPce+cfnly2UrhLr/Wdl98PsPr:xidBnbzNML3EmISbOly20h//slSPmr
TLSH: T1AA6423441C239CAAC736A4B9439D9F5F3F94DCA20860FC9AFB51ADAF507C783586C588
Magika: txt
Reporter: JAMESWT_WT
Tags: 176-65-142-190 ps1

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: IT
Vendor Threat Intelligence
Verdict: Malicious
Score: 70%
Tags: malware
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: obfuscated
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature
Joe Sandbox ML detected suspicious sample
Loading BitLocker PowerShell Module
Behaviour
[Behavior graph, ID 1662764: sample sweet.ps1, start date 11/04/2025, architecture WINDOWS, score 48; processes shown: powershell.exe, conhost.exe, svchost.exe; IP shown: 127.0.0.1]
Result
Malware family: n/a
Score: 3/10
Tags: execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: PowerShell (PS) ps1 8c07585a340f3f62f26acee61a59ea54048d809759f8f2d533fe44c049c1d4bf (this sample)
Delivery method: Distributed via web download

Comments