MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c0be3e48acca1d6fa01a9a65309459496eeb118320b32ebff8924cce797ced44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Kimsuky


Vendor detections: 3



SHA256 hash: c0be3e48acca1d6fa01a9a65309459496eeb118320b32ebff8924cce797ced44
SHA3-384 hash: 41255d569d0651563480f10c18e3aed1c752853e971f089e4302cca02ab99c87805d04587d928583076f78a513543182
SHA1 hash: cc733e0ab3d304b10403c75c680d98290bc7677a
MD5 hash: ab20d2d8cf523e879bca392a12a1c800
humanhash: burger-washington-beryllium-fillet
File name: uni.site.je.ps1
Signature: Kimsuky
File size: 27'030 bytes
First seen: 2026-06-16 10:58:43 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 96:4nuHear7jCL1bQaz4ScTtgxUMRtNthtOqBxVl1wSo7kwtplkUOBAq0T+5v94TZS2:4upr7jCSngrRtNthtOOxVgWYkUOXSH
TLSH: T1D4C25254BA4B87C3D9B5C5971C18D9B3F3DFA60C0713A9FE24468C69AC41239E15FBA0
Magika: txt
Reporter: JAMESWT_WT
Tags: Kimsuky ps1 uni-site-je--mort-php

Intelligence


File Origin
# of uploads: 1
# of downloads: 70
Origin country: IT
Vendor Threat Intelligence
No detections
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: masquerade
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments