MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SheetRAT

Vendor detections: 10

Intelligence 10 IOCs YARA File information Comments

SHA256 hash:	d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb
SHA3-384 hash:	88417840e44310394bcecdd1e878c95c7f917626c67bc057323daa2f973cc9aa6d204bf82594e333140ce5a0f5e666fb
SHA1 hash:	8499538914ae3c9308dad097c3bc4ec9a5450692
MD5 hash:	e9e49df6a0622c832e6331412b2729d8
humanhash:	mango-carbon-seventeen-delaware
File name:	SolaraFixNew.bat
Download:	download sample
Signature	SheetRAT Create hunting rule
File size:	825'614 bytes
First seen:	2025-03-24 13:56:13 UTC
Last seen:	Never
File type:	bat
MIME type:	text/x-msdos-batch
ssdeep	24576:Z4N9s+jga8kIZDBX8pSx9libYn8ey+1rcdSVO:w
TLSH	T1FF056D107E5415F59FACD90A84599B1DE3A0421F66226CBEF603DB21AFBA1C041FF2DB
Magika	batch
Reporter	JAMESWT_WT
Tags:	bat SheetRat

Intelligence

File Origin

# of uploads :

# of downloads :

103

Origin country :

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

SolaraFixNew.bat

Verdict:

No threats detected

Analysis date:

2025-03-24 13:56:04 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/56d26af6-e0c4-485b-b369-96aa014e6f2c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67e24c48bb84e066269edd10

Tags:

autorun crysan

Result

Verdict:

Clean

Maliciousness:

Behaviour

Running batch commands

Launching a process

Searching for the window

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

certutil cmd evasive lolbin wmic

Link:

https://www.filescan.io/uploads/67e164c2a08e28b31da10602/reports/8819e912-2cbb-4ca6-9a95-4078d5007ff7/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb

Result

Verdict:

MALICIOUS

Result

Threat name:

SheetRat

Detection:

malicious

Classification:

troj.spyw.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/1647133

Behaviour

Behavior Graph:

n/a

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2025-03-23 02:49:43 UTC

File Type:

Text (Batch)

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2jgpkjjbjq5zumy5apezne6sft6v4gxv3jnt6minz2mbjb3nf65q._file

Verdict:

malicious

Label(s):

balkanrat

Similar samples:

error

SheetRAT

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/250324-q9a9mavjv9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/d24cf525214c3b9a331d03c99693d22cfd5e1af5da5b3f310dce9814876d2fbb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample