MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e5ebba58cda61ae1e9f27eb49c18d21a6cdd4b48e5c5b5ee106d93896816627d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


SharpHide


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e5ebba58cda61ae1e9f27eb49c18d21a6cdd4b48e5c5b5ee106d93896816627d
SHA3-384 hash: aa4b0c9702dd27a1507bcb0e2aeb7f31b9019a8b6bfe8afe5c2ee4748b9b78d01ad6f07f92fd11a26e6b5a418c111093
SHA1 hash: d43f5c3e026d03975648098c6ca0851da59301f9
MD5 hash: ea3b9726872a7fa849d0a681a20c4ded
humanhash: london-nitrogen-sixteen-apart
File name:1.ps1
Download: download sample
Signature SharpHide
Create hunting rule
File size:123'431 bytes
First seen:2025-01-17 08:23:56 UTC
Last seen:Never
File type:PowerShell (PS) ps1
MIME type:text/plain
ssdeep 3072:E2sz0orzAOok9Y3sOGnuerPkwo67g3Lk7pyFV50GuGdtqphBddqyIFr2JdyPrnxf:E2s1zAOok9Y3sOGnuerPkwo67g3Lk7pS
TLSH T19DC32A711207BCCE97BF2F89E8843AA11C9C5077AB548598FDC906B952AF5208F7CDB4
Magika powershell
Reporter JAMESWT_WT
Tags:62-122-184-98 booking ps1 SharpHide

Intelligence

File Origin
# of uploads :
1
# of downloads :
101
Origin country :
IT IT
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.PowerShell.Obfus-9.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=678a13a9aa9c8e7858df2007
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
confuserex evasive lolbin net obfuscated regsvcs
Link:
https://www.filescan.io/uploads/678a13aeba38081b4a1a31aa/reports/98bb6c5a-8708-4ab6-8fdd-f84c26c6f783/overview
Verdict:
Malicious
Labled as:
Trojan[Dropper]/Agent.a
Link:
https://www.hybrid-analysis.com/sample/e5ebba58cda61ae1e9f27eb49c18d21a6cdd4b48e5c5b5ee106d93896816627d
Result
Verdict:
MALICIOUS
Details
Base64 Encoded Powershell Directives
Detected one or more base64 encoded Powershell directives.
Base64 Encoded URL
Detected an ANSI or UNICODE http:// or https:// base64 encoded URL prefix.
Result
Threat name:
SharpHide
Create hunting rule
Detection:
malicious
Classification:
adwa.evad
Score:
76 / 100
Link:
https://www.joesandbox.com/analysis/1593509
Signature
AI detected suspicious sample
Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected Powershell download and execute
Yara detected SharpHide
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/e5ebba58cda61ae1e9f27eb49c18d21a6cdd4b48e5c5b5ee106d93896816627d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e5ebba58cda61ae1e9f27eb49c18d21a6cdd4b48e5c5b5ee106d93896816627d/
Threat name:
Script.Downloader.LummaStealer
Create hunting rule
Status:
Malicious
First seen:
2025-01-17 08:20:12 UTC
File Type:
Text (PowerShell)
AV detection:
9 of 38 (23.68%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4xv3uwgnuynod2psp22jyggsdjwn2s2i4xc3l3qqnwjys2awmj6q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
execution
Link:
https://tria.ge/reports/250117-kapp3syrfq/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Command and Scripting Interpreter: PowerShell
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

SharpHide

PowerShell (PS) ps1 e5ebba58cda61ae1e9f27eb49c18d21a6cdd4b48e5c5b5ee106d93896816627d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3400377/
  
Delivery method
Distributed via web download

Comments