MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c6a74bfb5d9aa2f4e17a30ccbdf3b79ab9d1487e37fd4e8f24f4741cad102cd0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: c6a74bfb5d9aa2f4e17a30ccbdf3b79ab9d1487e37fd4e8f24f4741cad102cd0
SHA3-384 hash: ec59c3de70920261ad44236f19c7f376ea9cd5b598882927dc4769a27d8168696ea4f092034df89c85f7d00c59db8644
SHA1 hash: 122fc9e9ccc24ab081fa3770e187ce426901dde1
MD5 hash: 906f349fdb1949e13b79b96c7b97b784
humanhash: equal-alpha-golf-wolfram
File name: Microsoft Edge.ps1
File size: 6'258'820 bytes
First seen: 2025-10-23 18:09:32 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 768:frORDmJt+x/Z+sZAyQqJJXSoFPWnL+/9rPqyXlDy1Mwoj2IH4BFNKGwVwMPeLuXX:fqn
Threatray: 371 similar samples on MalwareBazaar
TLSH: T12656BF2257EB1F9953D0CCFAF3497646C898CD6B7E95B03CF67240A3A43AB06C152798
Magika: powershell
Reporter: smica83
Tags: ps1

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: HU
Vendor Threat Intelligence
Verdict: Malicious
File Type: ps1
First seen: 2025-10-23T15:28:00Z UTC
Last seen: 2025-10-23T16:07:00Z UTC
Hits: ~10
Detections: Backdoor.MSIL.AsyncRat.a
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 56 / 100
Signature
AI detected malicious Powershell script
Joe Sandbox ML detected suspicious sample
Malicious sample detected (through community Yara rule)
Behaviour
Behavior Graph:
Behavior Graph ID: 1800853; Sample: Microsoft Edge.ps1; Startdate: 23/10/2025; Architecture: WINDOWS; Score: 56
Process tree: powershell.exe started powershell.exe and conhost.exe
Result
Malware family: n/a
Score: 7/10
Tags: discovery execution spyware stealer
Behaviour
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
System Location Discovery: System Language Discovery
Drops file in Windows directory
Executes dropped EXE
Reads user/profile data of web browsers
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments