MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 11

Intelligence 11 IOCs YARA File information Comments

SHA256 hash:	8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff
SHA3-384 hash:	c9492877605fb6c0355db843b8bdf03199990f5632e1fc5cb09bc06a6441e237a715b1ccb0743b51b820d47dfa90f006
SHA1 hash:	6a2f324cffe102a12294072853dba883bf96f2a0
MD5 hash:	d657c396fd951e091c53b7ba4eb571b1
humanhash:	violet-triple-pip-angel
File name:	ghost_crypter.bat
Download:	download sample
File size:	307 bytes
First seen:	2025-12-24 13:20:06 UTC
Last seen:	Never
File type:	bat
MIME type:	text/x-msdos-batch
ssdeep	6:hHNGDXvay2olNHn+YWjvT9Ds81R3KupMFXA98WFW0LWpH7jIIJR3Kb6:myyrXn+YWjvT9Y81kUMhA98WFWyWpHvX
TLSH	T1C8E0E7445C24704FDEDEC598471203066C4712C1450F8341173CF8317901EDAC7DD472
Magika	batch
Reporter	BastianHein
Tags:	bat

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Malware family:

n/a

ID:

File name:

ghost_crypter.bat

Verdict:

Malicious activity

Analysis date:

2025-12-24 12:47:58 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/17c04f7b-7f70-43cb-a20f-30beb8382f70

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/45976/

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=694be0fd038f10550b5549e4

Tags:

autorun shell agent sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

lolbin mshta powershell powershell

Link:

https://www.filescan.io/uploads/694be8943f8fdbf8e9511a66/reports/18a96caf-96f8-4d41-b61c-b63127fbad5c/overview

Verdict:

Suspicious

Labled as:

TR/SNH

Link:

https://www.hybrid-analysis.com/sample/8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff

Result

Gathering data

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-12-24T10:07:00Z UTC

Last seen:

2025-12-24T10:11:00Z UTC

Hits:

~10

Detections:

Trojan-Downloader.Agent.HTTP.C&C Trojan.Win32.Runner.b Trojan.Win32.Agent.sb NetTool.PowerShellUA.HTTP.C&C NetTool.PowerShellGet.HTTP.C&C

Link:

https://opentip.kaspersky.com/8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff/results?tab=lookup

Score:

44%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff/

Verdict:

Malicious

Threat:

Trojan.Win32.Runner

Link:

https://tip.neiki.dev/file/8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2025-12-24 12:47:59 UTC

File Type:

Text (Batch)

AV detection:

1 of 36 (2.78%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=rxbohklc2vlqukko55wmmstb5auhn5zqzsgyj43c4h2bag5wgd7q._file

Gathering data

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/8dc2e3a962d5570a294eef6cc64a61e82876f730cc8d84f362e1f4101bb630ff

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/45976/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample