MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8
SHA3-384 hash: 7ea6306adf587a2dae45095cfda9527f3df1e4292ffa7eeacab1d7d60fd91fa18677e18f71e4c9b4bdb77a2f5b65b6f8
SHA1 hash: 2f3a1be25af4b80673c066facbbac8cf9238e561
MD5 hash: 9afecc0086a787f74c1c37746529b440
humanhash: sixteen-jupiter-missouri-hamper
File name:CS_Update.ps1
Download: download sample
File size:351'452 bytes
First seen:2020-10-20 11:39:43 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 6144:AGvHCjcsgPj7zWgvIdO+MdiR4hArOJ6j2CqlCex65hIogqh9gC56cuqVbF0k:AGvC4sEjvWVKm4hwOJO7C65+FW1uk
TLSH 0D747B473F5969EED222F526E63AB0C235E0B52E94A98ED4B7F1D0B518F801134F43A7
Reporter JAMESWT_WT

Intelligence

File Origin
# of uploads :
1
# of downloads :
140
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8/
Threat name:
Script-PowerShell.Dropper.Cobacis
Create hunting rule
Status:
Malicious
First seen:
2020-10-20 11:36:10 UTC
File Type:
Text
AV detection:
8 of 28 (28.57%)
Threat level:
  3/5
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ca00167290891c622745230d52c813ab8e25f18d2106f18fb6dc2594383b58d8

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments