MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a51c2b2c5134d8079f11a22bd0621d29b10e16aefa4174b516e00fa40dafde69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a51c2b2c5134d8079f11a22bd0621d29b10e16aefa4174b516e00fa40dafde69
SHA3-384 hash: 7e6795a0f83cdcfdd02b596c9655093c4b34cb3c37b7da6549354a55af40344d3343c4486cf0d511b926ecf968db102d
SHA1 hash: 94faed34fb58c119c450a69ee70f896fea616b5f
MD5 hash: 90acb348200a4dd2746f1bd6f073dc7c
humanhash: alpha-maine-louisiana-fix
File name:z1-decoded-1.py
Download: download sample
File size:69'967 bytes
First seen:2025-06-09 09:48:27 UTC
Last seen:Never
File type:
MIME type:text/x-script.python
ssdeep 768:q4mNsgJDpAn3MYD/WmmyW9WMt8Y4wlUlH4JCnKWl+vnaO/SxlRyj:5mNBCDFAW3HOCnKWl+vnasSxWj
TLSH T1F9632AD2F0EE919B1060B69EB074C0D8151FF6B600B39A07BBEDA261F601C476E76DD9
Magika javascript
Reporter JAMESWT_WT
Tags:85-239-62-36 py RATatouille

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
IT IT
Vendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6846b04907b5e8c1cfe5ce33
Tags:
n/a
Verdict:
Suspicious
Labled as:
Ransom/LockFile.fl
Link:
https://www.hybrid-analysis.com/sample/a51c2b2c5134d8079f11a22bd0621d29b10e16aefa4174b516e00fa40dafde69
Score:
96%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/a51c2b2c5134d8079f11a22bd0621d29b10e16aefa4174b516e00fa40dafde69
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a51c2b2c5134d8079f11a22bd0621d29b10e16aefa4174b516e00fa40dafde69/
Threat name:
Script-PowerShell.Trojan.Malgent
Create hunting rule
Status:
Malicious
First seen:
2025-03-29 20:11:39 UTC
File Type:
Text (Python)
AV detection:
2 of 24 (8.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uuocwlcrgtmaphyruiv5ayq5fgyq4fvo7jaxjniw4ah2idnp3zuq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250609-lxt4raxsgx/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a51c2b2c5134d8079f11a22bd0621d29b10e16aefa4174b516e00fa40dafde69

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_decoding
Create hunting rule
Author:iam-py-test
Description:Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)
Rule name:dgaaga
Create hunting rule
Author:Harshit
Description:Detects suspicious PowerShell or registry activity
Rule name:INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs
Create hunting rule
Author:ditekSHen
Description:Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.
Rule name:INDICATOR_SUSPICIOUS_Binary_Embedded_MFA_Browser_Extension_IDs
Create hunting rule
Author:ditekSHen
Description:Detect binaries embedding considerable number of MFA browser extension IDs.
Rule name:Macos_Infostealer_Wallets_8e469ea0
Create hunting rule
Author:Elastic Security
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:telegram_bot_api
Create hunting rule
Author:rectifyq
Description:Detects file containing Telegram Bot API

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments