MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d45d2bd7ac43796f2087198349fe8817f6aaf48484a4b356bd61a76a9631b740. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 9



SHA256 hash: d45d2bd7ac43796f2087198349fe8817f6aaf48484a4b356bd61a76a9631b740
SHA3-384 hash: e2d6adc50899cf8d91b001da23a8639c9b5b99b2e689dfc71bdda8b8f943d4149a3d7fa2a48483bed6f0b7ef29d6dd0a
SHA1 hash: 1d18e9adf579fdf62f819c700e09bbb6863016c3
MD5 hash: fb49c7a1dd4185a21e27f13bd77df648
humanhash: mirror-beryllium-utah-failed
File name: fb49c7a1dd4185a21e27f13bd77df648.bat
File size: 461 bytes
First seen: 2024-12-10 17:02:13 UTC
Last seen: Never
File type: Batch (bat)
MIME type: text/x-msdos-batch
ssdeep: 12:wmMDys81kkGr5ZDRN3is81kkGVX5OQ981kvYX53RP:wmMDXRrLRtHRxUkvYX53RP
TLSH: T19EF027330111380A9F1AC53AC0017340A217F5868D0EA5A302FA8D251D87063CBEBADE
Magika: batch
Reporter: abuse_ch
Tags: bat

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 78
Origin country: NL
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: fb49c7a1dd4185a21e27f13bd77df648.bat
Verdict: Malicious activity
Analysis date: 2024-12-10 17:06:49 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Verdict: Malicious
Score: 93.3%
Tags: shell virus sage
Result
Verdict: Clean
Maliciousness:
Behaviour:
Launching a process
Creating synchronization primitives
DNS request
Connection attempt
Creating a window
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: powershell
Verdict: Malicious
Labeled as: PowerShell/TrojanDownloader.Agent
Result
Verdict: SUSPICIOUS
Details: Hidden Powershell
Detected a pivot to Powershell that utilizes commonly nefarious attributes such as '-windowstyle hidden'.
Result
Threat name: n/a
Detection: malicious
Classification: n/a
Score: 68 / 100
Signatures:
AI detected suspicious sample
Antivirus detection for URL or domain
Loading BitLocker PowerShell Module
Sigma detected: Suspicious Invoke-WebRequest Execution
Sigma detected: Suspicious Script Execution From Temp Folder
Suspicious powershell command line found
Behaviour
Behavior Graph (image not available in this extraction): Behavior Graph ID 1572609; Sample: EeSNugjFh5.bat; Start date: 10/12/2024; Architecture: WINDOWS; Score: 68. Process tree: cmd.exe starts three powershell.exe instances and conhost.exe; signatures attached to the graph are those listed above (antivirus detection for URL or domain, AI detected suspicious sample, the two Sigma rules, suspicious powershell command line, loading BitLocker PowerShell module). Network: DNS and TLS connection to myguyapp.com (193.26.115.21, port 443, QUICKPACKETUS, Netherlands).
Result
Malware family: n/a
Score: 8/10
Tags: execution
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Blocklisted process makes network request
Command and Scripting Interpreter: PowerShell

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
File type: Batch (bat)
SHA256: d45d2bd7ac43796f2087198349fe8817f6aaf48484a4b356bd61a76a9631b740 (this sample)

Delivery method: Distributed via web download

Comments