MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SalatStealer


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f
SHA3-384 hash: 1503ef94d6bb237a840b8af92b86e5cc0ff29d684c5cb17dcd9be02a15d5ccb7a652980baa6a85b0733d5185cd415f47
SHA1 hash: fba1b0fe28e610724ce3e9a6674f119a8f62d0fc
MD5 hash: b8911b08c5085a3070ad68fa25ae6d08
humanhash: angel-mirror-apart-oscar
File name:aywbbg.zip
Download: download sample
Signature SalatStealer
Create hunting rule
File size:7'688 bytes
First seen:2026-02-28 08:25:44 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 96:IZuoxjb0MiE6clMFKAhdIYO2Vv3BP/EeZsEOPYYeY6JpuDNqHP8m4t2jWllvXoQg:oxjAy61HrVt/Ee7gyYWpuB/TgMd4S4zV
TLSH T161F19ED6D64D3DAFD5C33ABB765C92640D091A7C026640FB73DB75BA02857061BE0381
Magika zip
Reporter JAMESWT_WT
Tags:aywbbg jerrymac2008-duckdns-org SalatStealer Spam-ITA zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
52
Origin country :
IT IT
File Archive Information

This file archive contains 1 file(s), sorted by their relevance:

File name:aywbbg.bat
File size:21'261 bytes
SHA256 hash: 60118ba6124480d1c28b3d30f380aa64030418ba1774e8437f9cfae5ea191271
MD5 hash: fed2454b6ea71dd261474e64db4a9a56
MIME type:text/plain
Signature SalatStealer
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/9968451d-0ce7-4d99-9a4e-e821fc81c9d1/
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=69a2a6a8c950ab5d9ab26bd9
Tags:
shell crypt sage
Result
Verdict:
Clean
File Type:
Bat File
Link:
https://app.docguard.net/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
base64 net obfuscated powershell
Link:
https://www.filescan.io/uploads/69a2a6a4cd25bfe1dfdc929a/reports/67d281a9-f3d3-455a-aff8-57ed8e0c7c69/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f
Result
Verdict:
SUSPICIOUS
Link:
https://labs.inquest.net/dfi/sha256/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f
Details
Hidden Powershell
Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.
Verdict:
Unknown
File Type:
zip
Link:
https://opentip.kaspersky.com/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f/results?tab=lookup
Score:
100%
Verdict:
Malware
File Type:
ARCHIVE
Link:
https://malprob.io/report/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f
Gathering data
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f/
Threat name:
Binary.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-28 08:26:22 UTC
File Type:
Binary (Archive)
Extracted files:
1
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tz5svxrv5zt2rmdhrwyzejtruijitmt5qwqdstrkn2sxxqn6oi7q._file
Result
Malware family:
salatstealer
Create hunting rule
Score:
  10/10
Tags:
family:salatstealer credential_access defense_evasion discovery execution persistence spyware stealer trojan upx
Link:
https://tria.ge/reports/260228-mqrwgsbx5b/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Modifies data under HKEY_USERS
Runs net.exe
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Drops file in Program Files directory
Drops file in Windows directory
Launches sc.exe
Drops file in System32 directory
Suspicious use of SetThreadContext
UPX packed file
Accesses cryptocurrency files/wallets, possible credential harvesting
Adds Run key to start application
Power Settings
Creates new service(s)
Executes dropped EXE
Reads user/profile data of web browsers
Stops running service(s)
Unsecured Credentials: Credentials In Files
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Downloads MZ/PE file
Detect SalatStealer payload
Salatstealer family
UAC bypass
salatstealer
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/9e7b2ade35ee67a8b0678db1922671a21289b27d85a0394e2a6ea57bc1be723f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments