MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ce0687a3078756b837540ad76edc2dced4711146a67556822b6cefd61c07b06e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ce0687a3078756b837540ad76edc2dced4711146a67556822b6cefd61c07b06e
SHA3-384 hash: 70bb667657838b6a02500a46120b246a05a44fe6eee00dfad0f2a60588ac89e71a453c84324e55de38342b6f648d1609
SHA1 hash: 62c3c3911f00e3481928b05ee5b37d6b925ee627
MD5 hash: 691da94246e21b054330fb9269df4cc1
humanhash: mango-violet-william-robin
File name:1.bat
Download: download sample
File size:504 bytes
First seen:2024-12-16 17:08:20 UTC
Last seen:2025-07-15 07:59:49 UTC
File type:Batch (bat) bat
MIME type:text/x-msdos-batch
ssdeep 6:hzLYVJhZi9QAfQnRaVbAD9QAfQnRa4A7aHjVomxRKVHAbKo0tVk30SAGGdvEi/OU:5YVJhZU6Rw46R9HaVHAbr4OVlCk6Pp
TLSH T1F4F09EDD14B648BD17858903F4D1789AF01940A64F31E5189C8815DE4F8859ABBFBAD2
Magika batch
Reporter Joker
Tags:bat Downloader malware

Intelligence

File Origin
# of uploads :
2
# of downloads :
161
Origin country :
GR GR
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
1.bat
Verdict:
Malicious activity
Analysis date:
2024-12-09 00:45:52 UTC
Tags:
loader payload golang
Link:
https://app.any.run/tasks/23650cdd-1cb0-4324-8949-a2a2cc1ec6c6

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67563dbffca9c44c24979a24
Tags:
emotet shell sage blic
Result
Verdict:
Clean
Maliciousness:

Behaviour
Searching for the window
Running batch commands
Launching a process
Creating a window
Connection attempt
Creating a file
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
certutil cmd findstr lolbin wmic
Link:
https://www.filescan.io/uploads/67605eb49a54f2a218faef92/reports/db865ac6-8e70-430b-a450-a8bfd80118b1/overview
Verdict:
Suspicious
Labled as:
BAT/TrojanDownloader.Agent
Link:
https://www.hybrid-analysis.com/sample/ce0687a3078756b837540ad76edc2dced4711146a67556822b6cefd61c07b06e
Result
Verdict:
UNKNOWN
Details
IPv4 Dotted Quad URL
A URL was detected referencing a direct IP address, as opposed to a domain name.
Result
Threat name:
n/a
Detection:
malicious
Classification:
troj.evad
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/1576283
Signature
AI detected suspicious sample
System process connects to network (likely due to code injection or exploit)
Uses known network protocols on non-standard ports
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1576283 Sample: 1.bat Startdate: 16/12/2024 Architecture: WINDOWS Score: 56 23 Uses known network protocols on non-standard ports 2->23 25 AI detected suspicious sample 2->25 7 cmd.exe 1 2 2->7         started        process3 process4 9 certutil.exe 3 13 7->9         started        13 cmd.exe 1 7->13         started        15 conhost.exe 7->15         started        dnsIp5 21 120.26.208.69, 25443, 49730, 49731 CNNIC-ALIBABA-CN-NET-APHangzhouAlibabaAdvertisingCoLtd China 9->21 27 System process connects to network (likely due to code injection or exploit) 9->27 17 WMIC.exe 1 13->17         started        19 findstr.exe 1 13->19         started        signatures6 process7
Score:
3%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/ce0687a3078756b837540ad76edc2dced4711146a67556822b6cefd61c07b06e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ce0687a3078756b837540ad76edc2dced4711146a67556822b6cefd61c07b06e/
Threat name:
Script-BAT.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2024-12-09 00:45:53 UTC
File Type:
Text
AV detection:
5 of 24 (20.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zydipiyhq5llqn2ubllw5xbnz3khcekguz2vnarlntx5mhahwbxa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/241216-vn4q9swqdq/
Behaviour
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments